COVER STORY

A Better BitLocker: BDE Enhancements

New features in the BitLocker volume-level data encryption
solution might make moving to Windows 7 or Windows
Server 2008 worthwhile.

BY JAN DECLERCQ


FEATURES

Plan and Execute an Active Directory Merger, Part 1

Get started with an organizational Active Directory
merger with quick, easy wins to smooth the
transition. Then move on to details such as
configuring name resolution and forest trusts and
preparing the computers and new domain for
migration.

BY ERIC B. RUX

Crash Course in P2V Migration

Physical-to-virtual (P2V) migration can be just what
you need to preserve legacy systems from orphaned
workstations. Follow these steps to make the switch.

BY JAMES BANNAN

Microsoft System Center Configuration Manager 2007

Configure SCCM to deploy an OS contained in a
Windows Imaging Format (WIM) file.

BY JOHN SAVILL

Step-by-Step SharePoint Disaster Recovery

Your SharePoint server is down. Do you know
what to do? Learn how to accomplish a successful
recovery, even if you haven't implemented
SharePoint farm backups.

BY RANDY WILLIAMS


INTERACT

Reader to Reader

Explore 175 free tools, deploy IE plug-ins with
Group Policy, find out what application really opens
a document for a user, and use DevCon to install
device drivers.

Ask the Experts

Manage your NICs for Hyper-V, understand the gray
Outlook icon, choose to use wireless over wired
networking, distribute changes to your Exchange
classification, and more.


PRODUCTS

New & Improved

Check out the latest products to hit the
marketplace.

PRODUCT SPOTLIGHT: Office 2010 Technical Preview

REVIEW

Prowess SmartDeploy Enterprise

If you have to deploy Windows network-wide
and your computers are a hodgepodge
of miscellaneous models from various
manufacturers, check out SmartDeploy.

BY ERIC B. RUX

COMPARATIVE REVIEW

Virtualization Management Shootout:
Microsoft System Center vs. VMware vSphere

Comparing the two rival virtual machine
management products from Microsoft and
VMware, we found that one offers more
comprehensive features, while the other
offers a less expensive investment.

BY MICHAEL OTEY

MARKET WATCH

Hosted Exchange Server Makes More Sense Than Ever

The market for hosted Exchange Server is
growing as companies look to outsource
messaging and get more productivity. Heavy
competition from providers means good
deals for businesses.

BY B.K. WINSTEAD

BUYER'S GUIDE

SharePoint Document Management Products

SharePoint has emerged as a viable
document management platform that can
meet the needs of organizations of all sizes.

BY JEFF JAMES

Industry Bytes

More vendors are offering mobile
management consoles that support multiple
platforms, plus Microsoft is in the doghouse
over Outlook 2010's HTML rendering engine.

Is the Microsoft Upgrade Treadmill Broken?

Rather than try to compete with
companies and products that
fall outside its niche, Microsoft
historical strength—developing world-class client,
server, web, cloud, and mobile device software
platforms.

Essential Environment
Set is a basic Windows Server
perform arithmetic.

Windows 7 Tips

Take advantage of new Windows
7 features such as the Problem
Steps Recorder, BitLocker To Go,
built-in ISO burning support,
and Resource Manager to
maximize your productivity.

Find the Binary File for Any WMI
Management Instrumentation

New Active Directory Features in Windows Server 2008 R2
—John Savill

Windows Gatekeeper
Denial-of-Service attacks, and disable User Account

Windows IT Pro Editors


Twitter: Visit the Windows IT Pro Twitter page at 
www.twitter.com/windowsitpro. 


LinkedIn: To check out the Windows IT Pro
group on LinkedIn, sign in on the LinkedIn
homepage (www.linkedin.com), select the Search
Groups option from the pull-down menu, and use
"Windows IT Pro" as your search term.


Facebook: We've created a page on Facebook for
Windows IT Pro, which you can access at
http://tinyurl.com/d5bquf. Visit our Facebook page to
read the latest reader comments, see links to our latest
web content, browse our classic cover gallery, and
participate in our Facebook discussion board.
IT PRO PERSPECTIVE


James



Is the Microsoft Upgrade Treadmill Broken? 

Unfocused strength is actually a weakness 


I've spent a lot of time with Windows 7 lately, and I'm
impressed: It's easily the best Windows client OS ever and
addresses many of the gripes I've had about Windows
Vista. Windows 7 is just one of a plethora of new products
Microsoft plans to release in the next year (see "Upcoming
Microsoft Releases," July 2009, InstantDoc ID 102191),
spending millions—if not billions—to develop and market these 
products. But can an IT industry hobbled by an anemic economy 
and penny-pinching CIOs pay for it all? I have my doubts, and not 
solely because of limited IT budgets. 

The Netbook and Windows Vista: Canaries in the Coal Mine?

Remember all the stories about the success of the $300 netbook? 
Many attributed netbooks' explosive sales to the poor economy, but 
I think that's only part of the story. As any 20-something college student
can tell you, the Internet has emerged as a viable platform for
software applications over the past decade. You don't need a $1,500
PC to check webmail, edit a document with Google Docs, or upload
Facebook pics. On the IT side of the fence, innovative companies
such as Spiceworks are leveraging the Internet to produce world-class,
web-based apps for IT pros.

Here's the rub: The industry has historically been jammed 
into an upgrade hamster wheel, locked into an ongoing cycle that 
involves purchasing new Microsoft software and hardware powerful 
enough to make it run acceptably. That model might have worked 
in the past, but the epic failure of Vista shows that the model might 
be broken. Vista didn't offer a compelling value proposition, so 
many IT pros sat on their wallets and stuck with Windows XP. In an 
era when many people use only a fraction of the full capabilities of 
Office, Outlook, and SharePoint, where's the compelling motivation 
for IT pros to spend a fortune on new upgrades? 

Although many IT pros agree that Windows 7 is superior to 
Vista, financial concerns still rule. According to a survey conducted 
by Kace Networks, 84 percent of respondents have no plans to 
upgrade to Windows 7 within the next 12 months; a similar survey 
from ScriptLogic revealed that 60 percent of IT pros don't plan to 
deploy Windows 7. I'm sure many IT pros will wait until Windows 7 
SP1 before making a deployment decision, but starry-eyed pundits 
(and Microsoft execs) expecting Windows 7 to be deployed on every 
desktop in every home and office by the end of the year are in for a 
surprise. 


Microsoft 1.0 in a 2.0 World 

Microsoft's upcoming product fusillade is the company's response 
to all these market factors, although the approach is somewhat 
akin to lobbing a heaping glob of spaghetti at the wall and hoping 
something sticks. Most IT departments can't incur the immense 
cost of a dozen upgrades at once, but Microsoft knows that many 
will upgrade something. 

Microsoft has a long history of innovation, including the addictive
genius of Xbox LIVE, the ubiquity of SharePoint, and the impressive
work of the Microsoft Automotive Group and the Windows Live
Mesh team. Yet the company's strategy to compete with Google and 
Apple seems reactive and derivative. Bing is a fine search engine, 
but is Microsoft really a good fit for the Internet search business? 
Likewise, should a software publisher try to become a brick and 
mortar retailer, as with Microsoft's retail stores? Microsoft's tenacity 
in the face of competition is legendary—but that strength is also a 
weakness if the battles are fought for the wrong reasons and on the 
wrong battlefields. 

On the development front, Microsoft's initiatives largely seem 
rooted in the desktop-focused, software-in-a-box mentality that 
the company used successfully more than a decade ago. Colleges 
and universities are racing to add classes devoted to iPhone app 
development, but not for Windows Mobile. In an effort to jump-start
mobile app development for the upcoming Windows Mobile
Marketplace—Microsoft's delayed answer to Apple's iPhone App 
Store—Microsoft's "Race to Market Challenge" dev contest dangles a 
Microsoft Surface table as the grand prize. I'm sure Microsoft Surface 
is a fine technology demonstrator, but is a thoroughly immobile, 
200-pound piece of furniture the right way to encourage mobile app 
development? (Note to the Windows Mobile Marketing team: Please 
Google Bing the word "irony.") 

As my colleague Michael Otey says, Microsoft needs a "mindset 
reset." I couldn't agree more. Here's my advice for Redmond: Ease 
off on the insane product release tempo; dump dead-end, profit-sucking
distractions like the Zune and Microsoft retail stores; and
focus on your strength, which is developing world-class client,
server, web, cloud, and mobile device software platforms. Who else
agrees with me?

InstantDoc ID 102730 

JEFF JAMES (jjames@windowsitpro.com) is Editor-in-Chief, Web Content 
Strategist for Penton Media's IT Publishing Group. He specializes in server 
operating systems, systems management, and server virtualization. 

Active Directory Growth Tracker 

Jim Turner's "Active Directory Growth Tracker: 
A Script to Count Objects" (August 2009, 
InstantDoc ID 101930) 
provides a great script that 
I put to use right away. 

I've added functionality 
to it, but I can't figure out 
how to count a specific 
number of workstation 
objects in a specific OU. I 
need to know the number 
of computer objects in a 
specific OU, all of which 
are enabled. Thanks for 
any help you can give, and 
thanks again for a great 
tool. 

—John Witbeck 

Thank you for writing! My article, "Using
Saved Queries for Active Directory Management"
(InstantDoc ID 97087), provides
guidance for your question. Also, you might 
add some If logic and count to determine 
whether the OU (adspath) equals what you're 
looking for. 

—Jim Turner 

Best Practices for Document 
Libraries 

Another great article from Dan Holme is
"Top 10 Best Practices for Document Libraries"
(www.officesharepointpro.com/Articles/tabid/149/nodeid/1983/Top-10-Best-Practices-for-Document-Libraries.aspx).
During SharePoint farm management,
I've faced all the concerns he mentions.
I've had to uncheck documents in the
middle of the night, and I've had to execute
a long campaign advising site administrators
to clean up their SharePoint installations.
Another pain point I've encountered
is document and view migration to other
subsites. Business users expect the farm
administrator to do this task for them.
Sometimes, the task involved more than
300 files and folders. I look
forward to more articles
from Dan.

—Himadrish Laha 

Troubleshooting Disk I/O Performance

I watched Michael
Morales's video on ITTV.net
about Xperf troubleshooting
("Xperf Introduction,"
www.ittv.net/VideoPlayer/TabId/57/VideoId/419/Xperf-Introduction.aspx) and
found it very helpful. I have one question,
though. Troubleshooting high CPU utilization
(e.g., kernel/process, DPCs) is much
more clear because you can see utilization
in Task Manager. But how can you possibly
know that your disk I/O is suffering when
you can't see disk lights on server? Nothing
in Task Manager will tell you that you
have a problem with high disk I/O. I usually
add Page Fault Delta into Task Manager to
see if there's heavy paging happening, but
this will usually be an indication of RAM
shortage and not a hard disk problem. So,
how do you figure out that you need to
troubleshoot disk I/O performance if all
you have is remote console access to your
server?

—Greg Suvalian 

One of the counters you can use to help determine
whether disk I/O has increased on your
system is Physical or Logical Disk Bytes/Sec.
Disk Bytes/Sec is the rate bytes are transferred
to or from the disk during write or read operations.
You can further break this counter down
into Disk Read Bytes/Sec and Disk Write Bytes/Sec.
Disk Read Bytes/Sec is the rate at which
bytes are transferred from the disk during
read operations. Disk Write Bytes/Sec is the
rate at which bytes are transferred to the disk
during write operations. If you notice that the
Disk Bytes/Sec has shot up, you can use Xperf
to determine which files certain processes are
accessing during the high I/O.

DKHardDrive-Light (www.softpedia.com/get/System/Hard-Disk-Utils/DKHardDrive-Light.shtml)
is a freeware utility
that might help you monitor your drives.
According to the documentation, the tool
"monitors the computer's hard drive and
notifies you of activity by blinking a red light
in the system tray. Monitor hard drive activity
right from your desktop. This is helpful
when the computer's hard drive light is not
within view."

Hope this helps! For additional reading 
on Xperf, see my Windows IT Pro columns,
"Examining Xperf" (InstantDoc ID 102054)
and "Under the Covers with Xperf" (InstantDoc
ID 102263).

—Michael Morales 

Boycott Opera? No Way! 

I do wish Paul Thurrott would quit beating 
up on Opera (WinInfo Short Takes, July 17,
2009, InstantDoc ID 102492). I started using
Opera back when I had to pay for it because 
the only other options for a Windows 
browser at the time were the security hole 
that was (is) Microsoft Internet Explorer (IE) 
and the then-decrepit Netscape Navigator. 
I've been very happy ever since. Opera is 
fast, is almost completely customizable, and 
has been free for quite a while. Opera also 
was first with many of the features you'll 
find in other browsers today. Paul mentions
that Opera was responsible for pressuring
Microsoft via the European Union (EU)
to make the IE 8 executable completely
removable from Windows 7. How is that a
bad thing, exactly? Thanks for listening! (I
otherwise enjoy your newsletter.)

—Mark Averett 

Apple Tax 

I want to thank Paul Thurrott for all his detailed
and interesting reporting; I appreciate
all he does and writes. But I would
toss out a suggestion. The Apple Tax
(WinInfo UPDATE, July 16, 2009, InstantDoc
ID 102481) isn't just about the
money. Leaving aside aesthetics—we all
like owning and using beautiful objects—
some of us long-time and still-current
Microsoft users are sorely tempted to
move to an Apple system merely to get
software that works, consistently, the way
it promises.

Here's a prime example: I compile a
biweekly industry newsletter about hotel
technology. During the two-week preparation
period, I cut and paste information
from press releases and other sources and
dump it into a Microsoft Word file. Before I
edit the content down to something readable,
I run a quick macro that selects the
whole document and formats everything
into a single font and paragraph style to
make it easier to read and work with. Yet,
when I start cutting and pasting this converted
text, Word—at apparently random
moments—will choose to paste it in a
different font (often Courier) or four points
larger and bold. What part of Select All does
Word not understand? Obviously, there
are some formatting commands buried
in the text somewhere that aren't getting
converted.

I've tried repairing Office several 
times and even re-installing it from 
scratch. But the same thing happens. At 
this point, I have no choice but to accept 
this behavior as a Microsoft "feature." It's 
not the only instance of erratic behavior, 
just the most aggravating and frequent 
one I encounter. 

My past two computers have been IBM 
ThinkPad X-Series models, but I'm tempted 
to buy an Apple system if it would work 
better for me. Apple has a reputation for
making stuff that simply works, consistently.
But I worry that I'd still have to use Office
(for the Mac) and that in a mixed Apple/PC 
environment at home I might be swapping 
one set of problems for another. 

Yes, Apple products are more expensive. 
But the financial Apple Tax might just be
worth paying to get out from under the 
Emotional Pain Tax that Microsoft imposes. 

—Jon Inge 

InstantDoc ID 102677 


Oops! 

Who Won Best of TechEd 2009?

The Windows IT Pro website lists SpecOps Password Reset as the winner in the
Security category of the Best of TechEd 2009 awards
(windowsitpro.com/article/articleid/102114/tech-ed-2009-best-of-tech-ed-winners-announced.html). In apparent
contradiction to the website, the July issue of Windows IT Pro has a full-page advertisement
in which Windows IT Pro congratulates Sunbelt Software for VIPRE Enterprise
winning Best of TechED 2009 for Security. So which is it?

—Scott Huntley 

Many thanks for pointing out the error. Specops Password Reset is the winner, and Sunbelt
Software's VIPRE Enterprise was a finalist. We printed the incorrect logo on the congratulatory
advertisement for Sunbelt. The ad should have called Sunbelt out as a finalist. Please
accept our apologies for the error. You can see the complete list of finalists at
windowsitpro.com/article/articleid/102027/best-of-teched-2009-awards-finalists-announced.html.

—Jeff James 
Thurrott


NEED TO KNOW 


What You Need to Know About Windows 7 Availability and Pricing


With Windows 7 barreling towards an October
22, 2009 general availability date, Microsoft has 
begun leaking details about how and when it will 
actually deliver the OS to its various customers. 
And it's also revealed, finally, what Windows 7 
will cost. But you won't have to wait for October 
22 to get Windows 7. Here's what you need to know about Windows 
7 availability and pricing. 

When You Can Get Windows 7 

Although Microsoft originally said it wouldn't ship Windows 7 in a 
staggered fashion as it did with Windows Vista, I'd long envisioned 
a "rolling thunder"-type release schedule with different customers 
receiving Windows 7 on different dates, over a period of months. 

That's indeed what's happening. Here are the relevant milestones 
in the Windows 7 release schedule: 

RTM: July 22, 2009. Windows 7 is released to manufacturing, 
though it's a certainty that Microsoft will issue hotfixes between this 
date and the date on which the OS is generally available. 

OEM partner deliver: July 24. PC makers and other partners 
receive Windows 7. 

Evaluation version: early August. A 30-day evaluation version 
of Windows 7 Professional is released to the public via Microsoft's 
Springboard website. 

MSDN and TechNet release: August 6. Subscribers gain access to the
final, shipping version of Windows 7. 

Software Assurance (English): August 7. Volume license customers
with an existing Software Assurance (SA) license receive download
access via the Volume License Service Center (VLSC). 

Microsoft Partner Program Gold/Certified member (English): 
August 16. Gold and Certified partners get download access. 

Microsoft Action Pack (English): August 23. Subscribers can 
download Windows 7 RTM. 

Software Assurance (SA) (other languages): August
23. Volume license customers with an existing SA
license can download Windows 7 RTM in other languages
via the VLSC.

Non-SA volume license: September 1. Volume 
license customers without the SA license can purchase 
Windows 7 through Volume Licensing. 

Microsoft Partner Program Gold/Certified member
(other languages): October 1. Gold and Certified
partners can download Windows 7 RTM in other languages.

Microsoft Action Pack (other languages): October 1. Subscribers 
can download Windows 7 RTM in other languages. 

MSDN and TechNet (other languages): October 1. Subscribers 
can download Windows 7 RTM in other languages. 

General Availability: October 22. Windows 7 is available via 
retail stores, online, and with new PC purchases. While PC makers 
begin shipping PCs in all of the 35 available languages, retail versions
of Windows 7 are available on this date in English, Spanish,
Japanese, German, French, Italian, Dutch, Russian, Polish, Brazilian
Portuguese, Korean, Simplified Chinese, Traditional Chinese,
and Chinese (Hong Kong). On October 29, Microsoft delivers the
remaining Windows 7 language versions—Turkish, Czech, Portuguese,
Hungarian, Swedish, Danish, Norwegian, Finnish, Greek,
Ukrainian, Romanian, Arabic, Lithuanian, Bulgarian, Estonian,
Slovenian, Hebrew, Thai, Croatian, Serbian Latin, and Latvian—worldwide,
at retail.

What Windows 7 Will Cost You 

You will be able to purchase individual copies of Windows 7 at retail 
and via the online Microsoft Store. Windows 7 is available in Full 
and Upgrade versions and in special Windows Anytime Upgrade 
(WAU) packages that let you upgrade from one retail version of 


Table 1: Estimated Retail Pricing for Windows 7 Full and 
Windows 7 Upgrade Versions 


Windows 7 Versions 

Full 

1 Upgrade 

Windows 7 Home 
Premium 

$199.99 

$119.99 

Windows 7 Professional 

$299.99 

$199.99 

Windows 7 Ultimate 

$319.99 

$219.99 


Table 2: Estimated Retail Pricing for Windows 7 Windows Anytime Upgrade Versions 

Windows 7 Versions 

[windows Anytime Upgrade versions 

1 

Windows 7 Starter 

to Home Premium: 
$79.99 

to Professional: 
$114.99 

to Ultimate: 
$164.99 

Windows 7 Home 
Premium 


to Professional: 
$89.99 

to Ultimate: 
$139.99 

Windows 7 
Professional 



to Ultimate: 
$129.99 
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Now, upgrade 
your server room 
without overhauling it 

APC integrated cooling future-proofs your 
IT room without breaking the bank 

Is your server room a barrier to adopting new technologies? 

Consolidation, virtualization, network convergence, blade servers—these new 
technologies improve efficiency, cut costs, and allow you to “do more with less.” But 
they also bring high-density power, cooling, and management challenges that server 
rooms were never designed to handle. You’re relying on guesswork, depending on 
building air conditioning, or improvising remedies. So, how can you increase the level 
of reliability and control in your server room without spending a fortune? 


Introducing the APC by Schneider Electric total server room solution 

Now you can get power, cooling, monitoring, and management components that 
easily deploy together as a complete, integrated solution. Everything has been 
pre-engineered to work together and integrate seamlessly with your existing equip¬ 
ment. Just slide this proven, plug-and-play solution into most existing spaces— 
there’s no need for confusing cooling configurations or expensive mechanical 
re-engineering. The modular, “pay as you grow” design lets you be 100 percent 
confident that your server room will keep pace with ever-changing demands. 

Future-proof your server room easily, cost-effectively 

APC takes the hassle out of configuring server rooms. Self-contained InRow cooling 
units, high-density NetShelter enclosures, and the APC rack air containment system 
combine to create a proper IT ecosystem in almost any surrounding. Rack-level 
monitoring sensors, intelligent controls built into the cooling unit, and integrated 
management software provide complete remote control and unprecedented visibility 
into the entire system. Simply add power protection (like undisputed best-in-class 
Smart-UPS or Symmetra units) and you have a total solution for today tomorrow, 
and beyond. 


The integrated, 
cooled, managed 
server room 

©Cooling Effective and 
energy-efficient InRow 
cooling units handle 
high-density heat at its 
source. Unique variable 
speed fans automatically 
adjust to meet changing 
heat loads. 

© Power Energy-efficient, ultra-reliable Smart-UPS and 
Symmetra UPSs offer scalable runtime. Rack-mount 
power distribution units (PDU) ensure that a wide variety 
of devices get plugged in and powered. 

© Environmental Monitoring & Management 

PoE-enabled temperature sensors let you keep an eye 
on conditions at the rack level. Metered PDUs report 
on aggregate power draw and tell you which racks 
have available capacity. Centralized software gives you 
real-time, data-driven insight into the entire system from 
anywhere on the network. 

© Enclosures Vendor-neutral NetShelter SX rack 
design handles high-density airflow and power needs. 




Learn how to reduce cooling expenses 
with our FREE Cooling Efficiency kit 


Visit www.apc.com/promo Key Code k302w • Call 888-289-APCC x6077 • Fax 401-788-2797 



by Schneider Electric 


©2009 Schneider Electric, All Rights Reserved. Schneider Electric, APC, InRow, NetShelter, Symmetra, and Smart-UPS are owned by Schneider Electric, or its affiliated companies in the United States and other countries, 
e-mail: esupport@apc.com • 132 Fairgrounds Road, West Kingston, Rl 02892 USA • 998-2028 Tull details are available online. 



































■ NEED TO KNOW 


Microsoft has promised to deliver a
so-called browser "ballot box" which
customers can use to choose between
IE and competing web browsers.


Windows 7 to another. (You can't "downgrade" of course.)

Pricing for Windows 7 is nearly identical to that of Vista. In a nod to
multi-PC households, Microsoft finally offers a three-PC Family Pack for $150;
this version includes three product keys for Windows 7 Home Premium Upgrade
and represents a significant savings.

Table 1, page 8, shows estimated retail 
pricing for the Windows 7 Full versions 
and Windows 7 Upgrade versions. Table 2, 
page 8, shows estimated retail pricing for 
the Windows 7 Windows Anytime Upgrade 
versions. 

No More E Editions for Europe 

Earlier this year, Microsoft announced that it would ship special browser-less
versions of Windows 7, called the E Editions, to customers in Europe because
of a pending antitrust ruling there. However, spurred by EU regulators,
Microsoft has since canceled plans for the Windows E Editions and will instead
deliver the normal Windows 7 lineup in Europe this fall.

In a major concession to EU regulators, Microsoft has promised to deliver a
so-called browser "ballot box," which customers can use to choose between IE
and competing web browsers. This interface will be delivered by early 2010 if
the EU accepts it.

Recommendations 

Microsoft hasn't done a great job of communicating how it will deliver
Windows 7, but if you follow the milestones I noted above, you might discover
that you can gain access to this upgrade well in advance of the general
availability date of October 22.

My advice is to test and deploy Windows 7 as soon as possible. It's safer and
more modern than Windows XP and offers better performance and usability than
Vista.

This is the most compelling version of Windows ever produced, and it will be
an excellent computing platform for years to come.

PAUL THURROTT (thurrott@windowsitpro.com) is the news editor for Windows IT
Pro. He writes a weekly editorial for Windows IT Pro UPDATE
(www.windowsitpro.com/email) and a daily Windows news and information
newsletter called WinInfo Daily UPDATE (www.wininformant.com).


Meerkats 

Monitor. 


Don’t wait until it is too late, 
start monitoring today. 


AWARD-WINNING EVENT LOG MONITORING & CONSOLIDATION, 
SYSTEM HEALTH, ENVIRONMENT AND NETWORK MONITORING SUITE. 


WINDOWS POWER TOOLS


Minasi 


"Everyone understands the Set command! 

Right? But do you really?" 



Essential Environment Variable Control with Set 

This nearly 30-year-old command has only gotten better with age 


One of the most basic batch-file commands is Set—a circa-1982 tool that
displays, sets, or removes environment variables. Set has only gotten better
with age, and in a way that most Set users are completely unaware of. So,
here's a new look at Set—specifically, its abilities to generate random
numbers and perform arithmetic.

A Little Background 

Environment variables store installation-specific information such 
as what a machine's name is (i.e., computername), whether the 
system is a 32-bit or 64-bit OS (i.e., processor_architecture), and
where the OS should look for executable programs (i.e., path). 
Environment variables tend to fall into three categories: those the 
OS depends upon (e.g., the three I just cited), those that third-party 
applications use, and those that Windows' batch files use. 

No matter how simple a programming language is—and Windows' batch language is
among the simplest—that language needs a place for programmers to tuck away
in-process data. Environment variables fill that role. However, a tool is
necessary to get data into environment variables so that they're useful, and
that tool is Set.

I know what you're thinking. Everyone understands the Set command! Come on!
But do you really? Did you know that it can do arithmetic, or that it can
perform substring operations on values in existing environment variables? Did
you know that it can solicit input, or that it can generate random numbers?
It can do all of those things—and more—but for now we'll focus on two of
those capabilities, which reveal a couple interesting Set options.

Generate Random Numbers 

Consider the simple batch file called guessnumber.cmd that Web 
Listing 1 (www.windowsitpro.com, InstantDoc ID 102597) shows. 
Copy this text to Notepad, save it to some folder on your path, and 
give the file the name guessnumber.cmd. Now, open a command 
prompt, type guessnumber, press Enter, and follow the prompts. It's 
a simple guessing game in which the batch file picks a random number,
prompts you for a guess, then tells you that your guess is correct,
too high, or too low. (You should be able to guess the number in 16 
or fewer guesses.) It's not the most amazing game in history, but it 
does run on Windows Server 2008 Server Core. 

Consider this line, which picks the random number to guess: 

set gamevalue=%random% 


The key piece of this code is %random%, a function that generates a 
random number between 0 and 32,767. 

Once it generates the random number, the game needs to be 
able to repetitively ask the user for guesses. Prior to Windows 2000, 
batch files didn't offer a useful way to solicit input. Ever since Win2K, 
though, Set has had a useful input capability via its /p option: 

set /p latestguess=What do you think it is? 

This command looks like 

set /p environmentvariablename=[prompttext] 

The prompt is "What do you think it is? " Note the space after the
question mark; it makes for nicer formatting. Whatever you type 
goes into an environment variable named latestguess. 

Perform Arithmetic 

I mentioned that, given a range of values (32,768 possible integers), 
anyone should be able to guess any value within 16 tries. Let's 
modify that game, restricting the user to no more than 16 tries. We'll 
need a bit of arithmetic to keep track of how many guesses he or she 
has made, and you can see the result in Web Listing 2 in a revised 
version of guessnumber. A quick look at the guessnumber2.cmd 
code—which I've written to be short rather than elegant (hey, I'm 
no rock-star developer)—shows that the two batch files are different 
only in a few lines that introduce a new environment variable named 
guessesleft. I introduce that variable in a statement that anyone who's 
worked with any Microsoft OS since DOS 2.0 will recognize: 

set guessesleft=16 

Set's new arithmetic abilities appear in this statement:

set /a guessesleft=%guessesleft%-1

The trick is the /a option, which lets you do not only addition, subtraction,
multiplication, division, and modulo computations, but also a few bitwise
logical operations.

I hope I've given you a couple reasons to revisit an old and trusted—but
perhaps underutilized—friend in Set. Join me next month for a look at an
enhanced version of Set called Setx!

InstantDoc ID 102597 


MARK MINASI (www.minasi.com/gethelp) is a senior contributing editor 
for Windows IT Pro, an MCSE, and the author of 25 books. 


www.windowsitpro.com 


We're in IT with You 


Windows IT Pro 


OCTOBER 2009 11 



TOP 10 



Otey 

"Using BitLocker To Go, you can
encrypt any data on USB drives,
minimizing your security exposure."


Windows 7 Tips

Make the most of Windows 7 with Aero Snap, BitLocker To Go, ISO burning, and more


If you're making the move to Windows 7, you'll want to get the most out of
Microsoft's highly anticipated new OS. I've been using Windows 7 since the
first beta, so here are my favorite tips for getting the most out of it. These
tips can make you more productive and also help you take advantage of some of
Windows 7's most important new features.

Protect your USB drives with BitLocker To Go—If you're anything like me, you
have a number of USB flash drives and have lost several as well. Using
BitLocker To Go, you can encrypt any data on such drives, minimizing your
security exposure. You encrypt a USB drive by opening Computer, right-clicking
the drive, then selecting the Turn on BitLocker option.

Use the Problem Steps Recorder—How many times have you had to endure lengthy
phone conversations to understand a user's problems? The new Problem Steps
Recorder lets users record their actions in a series of screen captures that
can be easily emailed to support. To run the Problem Steps Recorder, enter psr
in the Start menu Search box, then click the Start Record button.

Use Aero Snap side-by-side docking—Aero Snap side-by-side docking is a new UI
feature that makes it easy to compare documents. To use it, you grab a window
and drag it until the mouse arrow leaves the screen. Alternatively, select a
window, then press Windows key (Win)+Left Arrow or Win+Right Arrow. You
release docked windows by clicking the title bar and shaking.

Connect to a projector with a keyboard shortcut—If you use different computers
to show PowerPoint presentations, you'll like Windows 7's new projector
connection hot key. Instead of searching for each vendor's monitor management
hot key, you can always use Win+P to bring up Windows 7's Switch Display
dialog box.

Monitor your system performance with Resource Monitor—If you like Task
Manager's Performance tab, you'll love the more detailed information provided
by Resource Monitor. It's multi-core aware, and in addition to showing CPU
utilization and running tasks, it shows memory, disk, and network utilization
levels. To run Resource Monitor, type resmon in the Start menu's Search box.

Make a shortcut to Manage Networks—In Windows 7, it's pretty easy to create a
new desktop shortcut to Manage Networks. From the Start menu, click Network,
Network and Sharing Center, Change adapter settings, then right-click in the
address bar and select Copy Address. Finally, right-click the desktop and
select Paste Shortcut.

Mount VHD files—Mounting Virtual Hard Disk (VHD) files lets you read and write
to VHDs as if they were standard disk volumes. To mount a VHD, run Disk
Management by typing diskmgmt.msc into the Start menu Search box. Select the
Action, Attach VHD menu option, then browse for your target VHD. You can also
set up the system to boot from a VHD.

Launch programs with elevated rights—Windows 7 includes a friendlier, less
chatty User Account Control (UAC). However, in many cases you still need to
run programs as an administrator. Launching Command Prompt as administrator is
pretty straightforward: Right-click the program and select Run as
administrator. It's not so obvious that you can also launch programs with
elevated rights through Windows Explorer and the taskbar by pressing
Ctrl+Shift and clicking the program.

Burn ISO Images—Windows 7 has ISO burning support built in to the Windows
Explorer shell. To burn an ISO image, double-click any file ending in the .iso
extension to open the Windows Disc Image Burner dialog box. Select the drive,
then click Burn to write the ISO image to disk.

Create a system repair disk—A system repair disk can be a lifesaver if your
system crashes. You can create a Windows 7 system repair disk by either using
the Start, Maintenance, Create a System Repair Disc option or by typing system
repair into the Start menu Search box. When the Create a system repair disc
dialog box appears, insert a blank disk into your write-capable CD or DVD
drive, then click Create disc.
Smarter technology for a Smarter Planet:

Is your information 
withholding information? 

Most businesses have a data management strategy. And another. And another. One for every application: 
ERP, CRM, SCM, HRM, etc. The result is a proliferation of siloed, disjointed data that gets in the way of 
smart decisions. An Information Agenda from IBM moves you from an application-centric approach to your 
information toward a more holistic view of your information systems. So you can make use of your data 
to make decisions faster and with greater confidence - helping you optimize processes, predict market 
changes and act on new opportunities. Banks can better manage financial risk. Retail companies can 
spot trends. Manufacturing companies can speed delivery across a complex supply chain. So information 
works for us, instead of vice versa. 






A smarter business needs smarter software, systems and services. 
Let’s build a smarter planet, ibm.com/infoagenda 
















WHAT WOULD MICROSOFT SUPPORT DO?

Morales

"Knowing the name of a WMI provider 
DLL can help you find out whether a 
problem is a known issue or updates 
for the binary are available." 


Find the Binary File for Any WMI Class 

Identify a WMI class's DLL binary to help you troubleshoot WMI-process-related 
problems 


One of the really frustrating aspects in troubleshooting any Windows
Management Instrumentation (WMI) issue is trying to determine which binaries
are responsible for supporting the hundreds of classes registered in any given
system. Each class in WMI has a corresponding WMI provider, which is simply a
COM object and usually in the form of a DLL binary. Since WMI providers are
COM objects, the main task will be to find the GUID registered for the binary,
then search the registry for that GUID.

One typical problem with WMI is high CPU utilization. You may have experienced
a high-CPU problem where the WMIPrvse.exe process was spiking the CPU, and you
might have even known what WMI query generated all the CPU activity. But how
do you find the actual DLL binary responsible for the class being queried? And
why is knowing the DLL important? Knowing the name and location of a DLL will
provide you information such as which vendor the binary belongs to, which will
enable you to find out whether updates are available for the binary and
whether the problem you're experiencing is a known issue and has been fixed
already. Simply doing an Internet search on "high cpu wmiprvse.exe" might
return too many hits, none of which could be your problem. However, if you can
include the exact DLL name in your search—for example, "high cpu wmiprvse
provider.dll"—the search results are more likely to return more accurate and
relevant information. Let's look at how to find the DLL binary for a WMI class
by walking through an example.

Enabling Logging to Find the Class Namespace 

The first step in finding the DLL of a particular class is to understand which
namespace the class resides in. To accomplish this, we must enable logging.
Here's how you do it.

For Windows Server 2003 and Windows XP: You can enable verbose logging through
the WMI Control called WMIMgmt.msc. Click the control's Logging tab, then
click the Verbose radio button. You'll notice entries in the Wbemcore.log file
such as the following, indicating which namespace is being queried.

ConnectionLogin:NTLMLogin - wszNetworkResource = root\cimv2 

For Windows Vista and Windows Server 2008: The logging mechanism is new in
Windows Vista and Server 2008, which now have what are called Analytic and
Debug logs. These logs have replaced the previous verbose logging in Windows
2003 and XP.

Figure 1: WMI logging

Smarter technology for a Smarter Planet:

Building the extraordinary
into everyday things.

By next year, the average car will require over 100 million lines of software code, and a commercial
airplane, over 1 billion. It’s approaching the point where a car or a plane isn’t simply a car or a plane
anymore. What makes them truly unique is the underlying software—the invisible thread—that infuses
them with intelligence. In the past year alone, 66% of the products developed included embedded
software. Today, software is a core strategic business asset. Unfortunately, 41% of software projects
fail to deliver the expected ROI. Only IBM has the experience, the resources and the solutions to build
more effective software design and delivery processes for the world’s leading businesses.


A smarter business needs smarter software, systems and services.

For detailed steps on how to enable the WMI Analytic and Debug logs on Windows
Vista and later, see the Windows Management Infrastructure blog post "Is
WMIprvse a real villain?" at
blogs.msdn.com/wmi/archive/2009/05/27/is-wmiprvse-a-real-villain.aspx.

For testing purposes, I've created a sample WMI class called InstProvSamp. In
Figure 1, page 14, notice the event that logs the WMI query to the class
(select * from InstProvSamp) and the namespace where the class resides
(\\root\default).

Finding the Provider DLL 

Now that we have the WMI class and namespace, we can start our search for the
provider DLL. Every WMI class has a qualifier called provider, which is the
name of the provider but not necessarily the binary name. We need to find out
what the qualifier name is for our test class (InstProvSamp), and we can use
wbemtest.exe to do so.

Run wbemtest.exe, connect to root\default, then click the Open Class button.
Enter the class name—in our example, InstProvSamp. Click OK, and now notice
that the Object editor opens for this class. As you can see in Figure 2, page
14, under the Qualifiers, there is a "provider" string called InstProvSamp.
Here, the provider name is the same as the class name, but usually this isn't
the case.

Now we need to get the class identifier or CLSID of the provider from the
provider name. To do so, you submit a WMI query for the system class called
__Win32Provider, which will contain the CLSID or GUID of the provider COM
object. Run wbemtest.exe, connect to the target namespace (root\default),
click the Query button, and issue the following query:

Select * from __Win32Provider where name="InstProvSamp"

In the query result box, you'll see an entry like the following:

__Win32Provider.Name="InstProvSamp"

Open the Object editor by double-clicking this entry, as Figure 3 shows.

Figure 3: Object editor for __Win32Provider.Name

Notice the CLSID entry pointing to the GUID that we need; every COM object
places a registration entry under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
We can use regedit.exe to pinpoint our search directly to the COM registration
information and get right to the exact name and location of the WMI provider
binary, as Figure 4 shows.

As I mentioned, the provider binary name doesn't always match the class name.
For instance, the registry provider is defined under the root\default class,
and the __Win32Provider name is RegProv. However, the actual DLL name is
STDPROV.DLL and is located under the c:\windows\system32\wbem directory.


More Uses 

There are several reasons why you might need to find the binary name for a
given WMI class; I only mentioned CPU utilization as one possible scenario.
Although your scenario may be different, the steps I've described will work to
find the WMI provider binary name and location for every scenario. Good luck,
and as usual please feel free to contact me regarding this article or any of
my previous articles.

InstantDoc ID 102615 


MICHAEL MORALES (morales@microsoft.com) is a senior escalation engineer for
Microsoft's Global Escalation Services team. He specializes in advanced
Windows debugging and performance-related issues. For information about
Windows debugging, visit blogs.msdn.com/ntdebugging.
Figure 4: CLSID registration
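The lookup chain the article walks through in wbemtest.exe and regedit.exe (provider qualifier, then the __Win32Provider CLSID, then the COM registration) can be scripted. The PowerShell below is an added example, not code from the article or from Microsoft; the function name Get-WmiProviderBinary is hypothetical, StdRegProv (the registry provider's class) is used as sample input, and the version and signature lookup at the end is an addition to the article's steps.

```powershell
# Added example: resolve the binary behind a WMI class.
# Chain: class "provider" qualifier -> __Win32Provider.CLSID -> COM registration.
function Get-WmiProviderBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ClassName,
        [string]$Namespace = 'root\cimv2'
    )

    # Step 1: the class's "provider" qualifier names its provider registration.
    $class = Get-CimClass -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
    $qualifier = $class.CimClassQualifiers | Where-Object { $_.Name -eq 'provider' }
    if (-not $qualifier) {
        throw "Class '$ClassName' in '$Namespace' has no provider qualifier."
    }
    $providerName = [string]$qualifier.Value

    # Step 2: the __Win32Provider instance in the same namespace holds the CLSID.
    # Backslashes and single quotes are escaped for the WQL string literal.
    $escaped = $providerName -replace "(['\\])", '\$1'
    $query = @{
        Namespace   = $Namespace
        ClassName   = '__Win32Provider'
        Filter      = "Name='$escaped'"
        ErrorAction = 'Stop'
    }
    $provider = Get-CimInstance @query | Select-Object -First 1
    if (-not $provider) {
        throw "No __Win32Provider named '$providerName' in '$Namespace'."
    }
    $clsid = [string]$provider.CLSID

    # Step 3: the COM registration under HKLM\SOFTWARE\Classes\CLSID names the binary.
    # In-process providers use InprocServer32; out-of-process ones use LocalServer32.
    # A 32-bit PowerShell on 64-bit Windows sees the redirected (32-bit) view.
    $base = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
    $binary = $null
    $serverType = $null
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $key = Get-Item -LiteralPath (Join-Path $base $sub) -ErrorAction SilentlyContinue
        if ($key) {
            # GetValue('') reads the key's default value (environment strings expanded).
            $binary = ([string]$key.GetValue('')).Trim('"')
            $serverType = $sub
            break
        }
    }

    # Step 4 (addition): vendor, version and signature of the file, when the
    # registration holds a full path that exists on disk.
    $file = $null
    $sig = $null
    if ($binary -and (Test-Path -LiteralPath $binary -PathType Leaf)) {
        $file = Get-Item -LiteralPath $binary
        $sig = Get-AuthenticodeSignature -FilePath $binary
    }

    [pscustomobject]@{
        Namespace    = $Namespace
        Class        = $ClassName
        ProviderName = $providerName
        CLSID        = $clsid
        HostingModel = $provider.HostingModel
        ServerType   = $serverType
        BinaryPath   = $binary
        Company      = if ($file) { $file.VersionInfo.CompanyName }
        FileVersion  = if ($file) { $file.VersionInfo.FileVersion }
        Signature    = if ($sig) { $sig.Status }
        Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
}

# Sample call: the registry provider in root\default that the article cites.
Get-WmiProviderBinary -Namespace 'root\default' -ClassName 'StdRegProv' | Format-List
```

A BinaryPath outside the Windows directories, or a Signature value other than Valid, is worth a closer look, because the DLL runs inside WmiPrvSE.exe.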
READER TO READER


Use Group Policy to Deploy 
Commonly Used IE Plug-Ins 

A common pain among IT pros is central installation of commonly used Internet
Explorer (IE) plug-ins. After some research I found out that Sun Microsystems'
Java Runtime Environment (JRE), Adobe Flash Player, and Adobe Shockwave Player
can be deployed with Group Policy.

If you're looking to use Group Policy to deploy JRE, Windows IT Pro has
already published an excellent guide in "Use Group Policy to Distribute JRE
With Its Automatic Update Feature Disabled"
(windowsitpro.com/article/articleid/100550/100550.html). I mention it here
only because it's a web-exclusive article, so busy IT pros who mainly read the
print edition might have missed it.

Flash Player and Shockwave Player can be easily deployed with Group Policy.
It's not widely known that Adobe makes them available as Windows Installer
(.msi) packages. All you have to do is register on Adobe's website
(www.adobe.com/products/players/fpsh_distribution1.html) and apply for a
player license. (It's free.) You can then download the .msi files for Flash
Player and Shockwave Player. Save these files in a shared folder on a server.

Next, you need to create a new Group Policy Object (GPO) or edit an existing
one. Be sure the GPO is linked to the correct level (domain, site, or
organizational unit—OU). To edit the GPO, go to Computer
Configuration\Policies\Software Settings\Software installation if you're using
Windows Vista or Windows Server 2008. In earlier Windows OSs, the equivalent
path is Computer Configuration\Software Settings\Software installation.
Right-click the Software installation node and select New, then Package. Type
the Universal Naming Convention (UNC) path to the .msi file. Type an
explanatory name to distinguish the application and version (e.g., Flash
Player v11.0) and click OK. On the next reboot, the computers that this GPO
applies to will install the player automatically.

I recommend that you first deploy the package to a few computers for testing
purposes before deploying it to all of them. Afterward, you can visit the
"Test Adobe Shockwave & Flash Players" web page
(www.adobe.com/shockwave/welcome) or the "Version test for Adobe Flash Player"
web page (kb2.adobe.com/cps/155/tn_15507.html) to verify the installation.

If you need to later upgrade Flash Player or Shockwave Player, the procedure
is the same. However, I recommend that you first remove the older version by
deleting the package from the GPO and selecting the option to remove all
installed instances rather than making the newest package a required upgrade
for older versions. This will make your GPO a bit lighter and reduce the
possibility of having leftovers from the earlier version on the computers.

—Apostolos Fotakelis, systems administrator,
Aristotle University of Thessaloniki, and
freelance IT consultant
InstantDoc ID 102605


"It's not widely known that Adobe makes
Flash Player and Shockwave Player
available as Windows Installer packages."


175 Free Tools for the Taking

You probably know that the Tool Time column highlights free tools, but did you
know that you can also find information about free tools in other articles on
the Windows IT Pro network? In case you missed them, here are some of them:

• If you work with virtual machines (VMs), check out the 29 tools in
"Virtualization on the Cheap" (InstantDoc ID 101561), "More Free
Virtualization Tools" (101995), "Free Virtualization Utilities" (98015), and
"Free Hypervisors Extend Your IT Resources" (101590).

• "Cool Free Tools for Windows Admins" (102227) highlights 10 utilities you
can use to perform a variety of tasks, such as restoring desktop layouts and
recovering deleted files.

• "8 Absolutely Cool, Totally Free Utilities" (50122), "8 More Absolutely
Cool, Totally Free Utilities" (96628), and "Yet Another 8 Absolutely Cool,
Totally Free Utilities" (99341) spotlight a wide assortment of tools to manage
and secure a Windows environment.

• If you write scripts, look into the 13 tools recommended in "Script Writers'
Favorite Free Utilities" (94958).

• If you work with SharePoint, take a look at the seven tools in "Free
SharePoint Archiving Tool Aims to Cut Bloat" (102550), "SharePoint Freebies
Someone You Might Know Might Want" (102537), and "More SharePoint Freebies
Someone You Might Know Might Want" (102537).

• "Two Exchange Server Tools You Should Know About" (100132) and "Top 10
Exchange Server 2007 Troubleshooting Tools" (97895) highlight some helpful
utilities when working with Exchange.

• "The Mega Guide to Free SQL Server Tools" (102244) includes 80 tools you can
explore if your IT duties include working with SQL Server.

To get a list of the tools discussed in each article, see the online version
of this article.

—Karen Bemowski, senior editor, Windows IT Pro

InstantDoc ID 102627


Tell the IT community about the free tools you use, your solutions to problems,
or the discoveries you've made. Email your contributions to r2r@windowsitpro.com.

If we print your submission, you'll get $100.

Submissions and listings are available online at www.windowsitpro.com.

Enter the InstantDoc ID in the InstantDoc ID text box.

Find Document Handlers for 
Specific Users 

One side effect of improved per-user customization in Windows is that it's
difficult to determine what application opens a specific document type for
users. This can be crucial if you're attempting to monitor application usage
to verify compliance with company policies or licensing restrictions, or
predict breakage caused by old user customizations after application
migrations.

The central problem with finding the document handler used by an application
for a specific user is that the information is stored in a location that isn't
normally accessible from any context but that of the user. Windows uses the
HKEY_CLASSES_ROOT (HKCR) registry subtree to determine what document handler
to use, but this key is synthesized at logon by taking machine-wide settings
from the HKEY_LOCAL_MACHINE (HKLM) subtree and overlaying user-specific
customizations from the HKEY_CURRENT_USER (HKCU) subtree. Although you can
access the registry remotely, what you read will be based on either the HKLM
key or your own HKCU key (if your profile was loaded) retrieved by that
machine—not the logged-on user's key.

To inspect user-specific registry data, the only realistic solution is to
handle the inspection from the user's context. This will always return
information that's correct from the user's standpoint. You can use code like
that shown in Listing 1 in a logon script to perform this kind of user-based
document-handler check.

To make the document-handler check code work properly, you should customize
the extension value set in callout A to match the file extension of the
handler you need to check. As written, the code will check the document
handler for PDF files.


Alex K. Angelopoulos


Listing 1: Code That Checks for User-Based Document Handlers


Dim WshShell, WshNetwork, ClassName, OpenCommand
Dim extension, data, server

' Callout A: the file extension whose handler you want to check.
extension = ".pdf"

Set WshShell = CreateObject("WScript.Shell")
Set WshNetwork = CreateObject("WScript.Network")

' Callout B: get the class name for the extension, then that class's
' default open command. If a registry read fails, OpenCommand stays "undefined".
OpenCommand = "undefined"
On Error Resume Next
ClassName = WshShell.RegRead("HKCR\" & extension & "\")
Dim filetypeBase
' This reads the current handler, whether machine-wide or
' selected for the specific user. Use "HKCU\Software\Classes\" instead
' of "HKCR\" to get the handler explicitly defined JUST for the current user,
' or use "HKLM\Software\Classes\" to get the handler defined
' machine-wide, even if the user has a custom handler.
filetypeBase = "HKCR\"
If Err.Number = 0 Then
    OpenCommand = WshShell.RegRead(filetypeBase & ClassName _
        & "\shell\open\command\")
End If
On Error Goto 0

data = "user " & WshNetwork.UserName & " opens " _
    & extension & " documents with: " & OpenCommand _
    & " on system " & WshNetwork.ComputerName

' Callout C: write the result to the logon server's Application log.
server = WshShell.ExpandEnvironmentStrings("%LOGONSERVER%")
WshShell.LogEvent 0, data, server

' Callout D: uncomment to display the result instead of logging it.
' WScript.Echo data

Given the file-type extension, the code in callout B looks up the handler the
same way Windows does—by checking the default open command for that file type.
Specifically, the code first obtains the name of the class for the file type
from the extension's registry key. The code then goes to that class's registry
key to obtain the default open command and assigns this document-handler
information to the OpenCommand variable. If the extension or the associated
file type isn't correctly registered, the code will throw an error. If an
error occurs, the code suppresses the error and assigns a value of "undefined"
to the OpenCommand variable.

Next, the code collates the extension, username, and document-handler
information in a variable named data. In callout C, the code then sets the
variable named server to the name of the logon server, then writes the data
variable's contents to that server's Application log. The resulting messages
will look similar to

user aka opens .pdf documents with:
"C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE" "%1" on system X51

Events logged from a Windows Script Host 
(WSH) script always use WSH as the source 
application. 

When you incorporate the code in Listing 1 into a logon script, you can
occasionally check the logs to find the default application handling specific
documents on a per-user basis on individual client workstations. If you want
to find the document handler used by an application for a specific user but
you don't want to incorporate the code in Listing 1 into a logon script, you
can comment out the code in callout C, uncomment the code in callout D, and
run it on the user's machine.

You can download the code in Listing 1 from the Windows IT Pro website by
going to www.windowsitpro.com, entering 102604 in the InstantDoc ID box,
clicking Go, then clicking the Download the Code Here button. I wrote this
code for use on Windows XP and later.

—Alex K. Angelopoulos, IT consultant 
InstantDoc ID 102604 
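The layering described in this item (HKCR built from HKLM with HKCU overlaid) can be shown side by side, which also makes a per-user override of a machine-wide handler visible. The PowerShell below is an added example, not the author's code; the function name Get-DocumentHandlerLayers and its output property names are hypothetical, and like Listing 1 it must run in the user's own context.

```powershell
# Added example: report the effective document handler for an extension together
# with the per-user and machine-wide layers it is built from. Run it as the user
# being inspected (for instance from a logon script) so HKCU and HKCR are theirs.
function Get-DocumentHandlerLayers {
    [CmdletBinding()]
    param([string]$Extension = '.pdf')

    # Default value of a registry key, or $null when the key is absent.
    function Get-DefaultValue([string]$Path) {
        $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
        if ($key) { $key.GetValue('') }
    }

    # Default open command of a class under one registry root.
    function Get-OpenCommand([string]$Root, [string]$Class) {
        if ($Class) { Get-DefaultValue "$Root\$Class\shell\open\command" }
    }

    $merged  = 'Registry::HKEY_CLASSES_ROOT'
    $user    = 'Registry::HKEY_CURRENT_USER\Software\Classes'
    $machine = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'

    # Extension -> class name, read from each layer.
    $effectiveClass = Get-DefaultValue "$merged\$Extension"
    $userClass      = Get-DefaultValue "$user\$Extension"
    $machineClass   = Get-DefaultValue "$machine\$Extension"

    # Class name -> open command. The user layer may redefine only the command
    # of the effective class, so it is checked against that class.
    $effectiveCmd = Get-OpenCommand $merged  $effectiveClass
    $userCmd      = Get-OpenCommand $user    $effectiveClass
    $machineCmd   = Get-OpenCommand $machine $machineClass

    [pscustomobject]@{
        User               = [Environment]::UserName
        Computer           = [Environment]::MachineName
        Extension          = $Extension
        EffectiveClass     = $effectiveClass
        EffectiveCommand   = if ($effectiveCmd) { $effectiveCmd } else { 'undefined' }
        UserClass          = $userClass
        UserCommand        = $userCmd
        MachineClass       = $machineClass
        MachineCommand     = $machineCmd
        # True when the user's hive supplies either the class or the command.
        PerUserOverride    = [bool]($userClass -or $userCmd)
        # True when the user ends up with a different command than the machine default.
        DiffersFromMachine = ($effectiveCmd -ne $machineCmd)
    }
}

Get-DocumentHandlerLayers -Extension '.pdf' | Format-List
```

Rows where PerUserOverride is true and the command points outside the expected application directories are the ones to review.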
Figure 1: Sample output from DevCon

Use DevCon To Install Device 
Drivers Remotely 

My company purchased smart card readers for an electronic signature
application. To use the smart card readers, drivers needed to be installed.
Because we had nearly 500 computers, manually installing the drivers wasn't
practical. To save a lot of time and manpower, we used DevCon (devcon.exe).
This utility lets you query, load, and remove device drivers from the command
line.

DevCon isn't installed by default. You can install it from the Support\Tools
directory on the Windows Server 2003 SP1 CD-ROM or download it from the "The
DevCon command-line utility functions as an alternative to Device Manager" web
page at support.microsoft.com/kb/311272. (This web page also includes helpful
information about how to use DevCon.)

The solution we came up with involved putting DevCon and the driver on a
share, then using a batch file to install DevCon on each user's computer. I'll
describe the steps we took in case you run into a situation in which you have
to install a driver on numerous machines.

The first step was to put DevCon and the driver on a share so that they could
be copied to users' systems. On the share, we created the carddriver\omnikey
and carddriver\devcon directories, giving them Everyone - Read permissions. We
put the driver file in the \\mainserver\carddriver\omnikey directory and
devcon.exe in the \\mainserver\carddriver\devcon directory.

After the shares were prepared, we turned our attention to finding the
hardware ID for the card reader. After some testing we discovered that if you
plug in an unknown USB device (such as a smart card reader), click Cancel to
close the New Hardware Found wizard, then run DevCon, you can obtain its
device ID. The DevCon command we used was

Devcon Find USB\* 

As Figure 1 shows, it produces a list of USB ports and the device IDs of the
USB devices connected to those ports. In the sample output in Figure 1, I
highlighted the important elements. USB\VID_076B&PID_3021 is the hardware
ID. Smart Card Reader USB tells us that the hardware's driver hasn't been
loaded yet. After loading the driver, this will read CardMan 3x21. (For more
information about the various elements in device IDs, see the Reader to
Reader article "Use DevCon to Manage Finicky Hardware," June 2009,
InstantDoc ID 101652.)



With the card reader's hardware ID in hand, it was time to write the batch
file. UpdateCardDriver.bat, which Listing 2 shows, first checks to see
whether the driver is already present. If it exists, the script ends. If it
doesn't exist, the batch file copies DevCon to the %systemroot%\system32
directory on the user's computer, uses DevCon to install the card-reader
driver, then removes the card reader. Although the card reader is removed,
the driver stays in the system. If you don't remove the card reader, another
card reader will be added to the system each time the computer restarts.

UpdateCardDriver.bat needed to be executed on every computer on which we
wanted to install the driver. Because we had nearly 500 computers, we chose
to use a Group Policy Object (GPO) startup script. (For information about
how to add a batch file to a GPO, see the web-exclusive article "Adding
Startup Scripts to GPOs" at www.windowsitpro.com, InstantDoc ID 27330.)
After restarting their computers, users were able to attach and use the
smart card reader hardware on any USB port on their system.

You can download UpdateCardDriver.bat from the Windows IT Pro website. Go to
www.windowsitpro.com, enter 102599 in the InstantDoc ID box, click Go, then
click the Download the Code Here button.

—M. Hakan Can, system engineer, 
Siemens Ankara 
InstantDoc ID 102599 


Listing 2: UpdateCardDriver.bat 


REM Skip the install when the driver file is already present.
If Exist %windir%\system32\drivers\cxbu0wdm.sys Goto end
REM Copy DevCon locally, install the driver, then remove the device entry.
Copy \\mainserver\carddriver\devcon\devcon.exe %systemroot%\system32\devcon.exe
Devcon Install \\mainserver\carddriver\omnikey\cxbu0wdm.inf "USB\VID_076B&PID_3021"
Devcon Remove "USB\VID_076B&PID_3021"

:end
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■ Outlook 

■ Hyper-V 


■ Virtual Hard Disk 

■ Networking 

■ Exchange 


ASK THE EXPERTS ■ 


ANSWERS TO YOUR QUESTIONS 



Q. What does the gray Microsoft 
Office Outlook taskbar icon mean? 

A. After you install Microsoft Office 2007 Service Pack 2, you'll see a new
icon in the taskbar when you shut down Microsoft Office Outlook 2007. The
gray Outlook icon is a visual indicator that the outlook.exe process is
still running on the system.

Historically, Outlook has given consideration to third party add-ons when
shutting down. Outlook would suspend shutdown while add-ons or
out-of-process applications were still maintaining references to Outlook
resources. Sometimes, this state would persist to the point where the user
would finally choose to end the outlook.exe process using Task Manager.
Restarting Outlook before the outlook.exe process ended would create a new
outlook.exe process that couldn't access any Outlook resources (because they
were still locked by the outlook.exe thread that was trying to shut down).
Forcing Outlook to close using Task Manager increases the chance of PST/OST
corruption.

With Service Pack 2, Microsoft has improved the user experience when
shutting down Outlook 2007. Outlook will no longer give third-party
solutions all the time they need to release any references before shutting
down. Some third party add-ons may require re-coding to adhere to this new
shutdown strategy.

This long-awaited change is a response to feedback from Outlook users over
the last 10 years. The icon automatically disappears when the outlook.exe
process is successfully terminated, so users can power down systems with
confidence that they're not cutting off Outlook. Administrators may even
document that users need only wait for the Outlook icon to disappear from
the taskbar before closing a laptop or powering down a workstation.

This improvement in the Outlook user experience first appeared in the
cumulative update released by Microsoft in February (Microsoft Knowledge
Base articles 961752 and 967688) and is bundled into Office 2007 Service
Pack 2 as well.

—William Lefkovics 

InstantDoc ID 102159 

Q. Why shouldn't I share the management NIC on Hyper-V with virtual
machines (VMs)?

A. The best practice for Hyper-V hosts is to have at least two NICs. One of
the NICs should be used for the management of the host. This NIC should, for
example, be used as the IP address you use to remote into the box or
remotely execute Microsoft Management Console snap-ins. The other NIC should
be bound to a virtual switch. This one will be used by VMs and not exposed
to the host.

It's possible to expose a virtual switch and make it visible on the Hyper-V
host, allowing a single NIC to be used for both VMs and host management.
This isn't recommended, however, because if VMs and the host share a NIC
this way, the virtual switch controls the NIC. The virtual switch is part of
the virtualization stack, so if there's a problem with your virtualization
components, you can't connect through the management switch. That means you
can't resolve your problem remotely.

—John Savill

InstantDoc ID 102580

Q. If I'm using a differencing Virtual Hard Disk (VHD) and the parent VHD
is corrupted, have I lost all the data in the differencing disk?

A. Unfortunately, yes. Remember that a differencing disk has a child
relationship to another VHD, and only new or modified data is written to the
differencing disk. If the parent VHD is no longer available, the information
in the differencing disk is incomplete and isn't usable.

Data can be read from a differencing disk, but reading from the differencing
disk will actually read the data from the parent disk, if the data hasn't
changed. When you make a write, the data that has changed gets written to
the differencing disk. This means that if you lose the parent, the only data
in the child would be the delta blocks, which aren't useful.

—John Savill

InstantDoc ID 102530
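
The read and write path of a differencing disk described in the answer above can be modeled in a few lines. This is an added example, not code from the magazine or from Microsoft; the class names, the 4-byte block size and the sample image are assumptions made up for the illustration.

```python
"""Toy block-level model of a parent VHD and a differencing (child) disk."""

BLOCK_SIZE = 4  # bytes per block; tiny on purpose (assumption of this model)


class ParentUnavailable(Exception):
    """A read needed a block that exists only in the missing parent."""


class ParentDisk:
    def __init__(self, data: bytes):
        if len(data) % BLOCK_SIZE:
            raise ValueError("data must be a whole number of blocks")
        self.blocks = [data[i:i + BLOCK_SIZE]
                       for i in range(0, len(data), BLOCK_SIZE)]
        self.available = True  # set to False to simulate a lost or corrupted parent

    def read_block(self, n: int) -> bytes:
        if not self.available:
            raise ParentUnavailable(f"block {n} is stored only in the parent")
        return self.blocks[n]


class DifferencingDisk:
    def __init__(self, parent: ParentDisk):
        self.parent = parent
        self.block_count = len(parent.blocks)
        self.delta = {}  # block number -> bytes; holds only new or modified blocks

    def write_block(self, n: int, data: bytes) -> None:
        if not 0 <= n < self.block_count or len(data) != BLOCK_SIZE:
            raise ValueError("write must be one whole block inside the disk")
        self.delta[n] = data  # writes never touch the parent

    def read_block(self, n: int) -> bytes:
        if n in self.delta:               # changed block: served from the child
            return self.delta[n]
        return self.parent.read_block(n)  # unchanged block: falls through to the parent

    def read_all(self) -> bytes:
        return b"".join(self.read_block(n) for n in range(self.block_count))


def survey(child: DifferencingDisk):
    """Return (readable, lost) block numbers for the child in its current state."""
    readable, lost = [], []
    for n in range(child.block_count):
        try:
            child.read_block(n)
            readable.append(n)
        except ParentUnavailable:
            lost.append(n)
    return readable, lost


def demo():
    parent = ParentDisk(b"BOOTDATAFILELOGS")  # constructed 4-block image
    child = DifferencingDisk(parent)
    child.write_block(1, b"data")             # one modified block
    merged = child.read_all()                 # parent and delta combined
    parent.available = False                  # the parent VHD is lost
    return merged, survey(child)


if __name__ == "__main__":
    merged, (readable, lost) = demo()
    print("merged view:", merged)
    print("readable without parent:", readable, "lost:", lost)
```

With the parent gone, only the single delta block is still readable, which is why backups of a differencing disk need to include the whole parent chain.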

Q. How can I configure my computer to use a wireless connection instead of
a wired connection when both are connected to networks with default
gateways?

A. If your computer has wireless and wired connections, it's common to want
to use the wired network if available, because it's generally faster than
the wireless network. The network that's chosen for traffic when multiple
networks exist with a default gateway is the network with the lowest metric.
In Windows, this metric is determined automatically by default, and wired
networks have lower metrics than wireless networks, so your wired network
will be chosen over your wireless network.

You can change this behavior by modifying the TCP/IP settings of your
network connections. As shown in Figure 1, access the Advanced properties of
the TCP/IP settings for each network connection. If you want the wireless
connection to be used over the wired, unselect the Automatic metric and set
a lower value for the wireless than for the wired.

—John Savill 

InstantDoc ID 102528 

Q. How can I distribute changes to 
classifications to Exchange Server 
2007 Clients? 

A. Exchange Server 2007 introduced a new method of labeling messages that
pass through the organization called message classification. (See my
article, "Using Exchange and Outlook's New Message-Classification Feature,"
InstantDoc ID 96458, for more about classification.)

Don't confuse classifications with the Outlook client-specific categories.
They're organization-wide labels that can be exposed to certain users.
Classifications can be used by Exchange 2007 transport agents to control
message flow. Message classifications are created on the Exchange Server and
need to be exported to an XML file and distributed to Office Outlook 2007
and Outlook Web Access clients for the clients to use—this process isn't
automated.

So how can you distribute changes to message classifications to users that
require them? There are two components to consider. First, clients that
haven't previously been configured to use message classification need a
registry entry on the Windows client. Second, changes made to the XML file
that defines message classifications for the organization need to be
propagated to clients that are already configured for message
classification.

The Policy key doesn't exist in the registry by default. The following
registry entry will create the key and define the local client path to the
Message Classification XML definition file.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy]
"AdminClassificationPath"="\.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

In addition, the actual XML file needs to be pushed out to those clients as
well, to the path identified in the AdminClassificationPath value in the
registry key. You need to use the actual file path for this value. For
example, you could use c:\email\classification.xml. Of course, the XML file
needs to match the name in this registry path also.

The biggest deterrent for companies deploying message classification may
well be the annoyance of manually maintaining updates for Outlook clients.
However, after a company implements a useful set of classifications, they're
probably not going to change very much over time. Message classification
configuration can be implemented within the standardized corporate Windows
client images used for deploying new workstations. Also, Windows domains
have built-in tools for pushing out registry changes and file updates such
as Group Policy and Logon Scripting. Additional applications also maintain
this functionality, such as System Center Configuration Server (formerly
known as System Management Server) and the Office 2007 Customization Tool
(Office 2007 setup with the /admin switch).

—William Lefkovics 
InstantDoc ID 102486 



Figure 1: Disabling automatic metrics 
A Better BitLocker: BDE Enhancements

Windows 7 and Server 2008 R2 volume-level data encryption

by Jan De Clercq

In Windows Vista and Windows Server 2008, Microsoft introduced BitLocker
Drive Encryption (BDE), which offers volume-level data encryption for data
stored on Windows clients and servers. BDE protects the data when the
systems are offline (when the OS is shut down). BDE also makes the OS itself
more resilient in the face of attacks. When BDE is applied to the system
volume, it provides a file-integrity checking feature that automatically
assesses the status of boot files such as the BIOS, Master Boot Records
(MBRs), and the NTFS boot sector when the system boots and before the OS
starts. If a hacker has inserted malicious code in one of the boot files or
has modified one of them, BDE will detect it and block the OS from starting.
This feature is available only on computer systems that have a Trusted
Platform Module (TPM) 1.2 chip—a special security chip that's part of most
of today's PC motherboards.

BDE can also offer pre-OS boot multifactor authentication. Pre-OS boot
authentication protects Windows from attacks that attempt to bypass OS-level
access checks and get to the data on a Windows-protected volume by booting
from a Linux CD-ROM or floppy disk. For a broader introduction to BDE, see
"Vista's BitLocker Drive Encryption" at windowsitpro.com, InstantDoc ID
95673.

The Vista release of BitLocker included some important shortcomings that 
hindered its widespread adoption. Let's look at how these shortcomings are 
addressed and the resulting BDE features in Windows 7 and Windows Server 
2008 R2. (All references to BDE features in Windows 7 in this article also apply 
to Windows Server 2008 R2.) 

Note that BDE isn't available in all Windows 7 versions. As in Vista, BitLocker 
is included only in the Windows 7 Enterprise and Ultimate editions—the two 
versions that target high-end home and business users. However, BitLocker 
support is included in all Windows Server 2008 R2 editions. 
Vista BDE Shortcomings vs. Windows 7 BDE Features

In the Vista BDE release, only a single volume, the system boot volume, can
be BDE-protected. In Vista SP1 and Server 2008, Microsoft added support for
BDE protection of different volumes—including local data volumes. In
Windows 7, Microsoft adds BDE support for removable data drives—memory
sticks and external data drives—in a feature that Microsoft refers to as
BitLocker To Go (BTG), which I discuss later.

In the Vista BDE release, IT departments wanting to deploy BDE on their
organization's Windows desktops were forced to consider the disk
partitioning of their systems during Vista deployment. This is because BDE
1.0 requires an active and dedicated volume. This volume is referred to as
the BDE system volume and is labeled as the S drive. In Vista and Server
2008, Microsoft recommends that you reserve at least 1.5GB of disk space for
the BDE system volume.

To ease the drive configuration when the OS is already installed, Microsoft
released the BitLocker Drive Preparation Tool, which automates BDE system
drive preparation. The tool automatically shrinks the C drive, creates a
1.5GB S drive, moves boot files to it, and marks the drive as active. You
can download it from the Microsoft website
(microsoft.com/downloads/details.aspx?FamilyID=320b9aa9-47e8-44f9-b8d0-4d7d6a75add0&displaylang=en).
In Windows 7, Microsoft integrated this tool in the BDE setup.

To make using BDE easier and to completely get rid of the repartitioning,
Windows automatically creates (on a newly installed Windows 7 system, not an
upgrade) the separate active system partition that's required for BDE. (This
partition is also leveraged by the Windows Recovery Environment—WinRE.)
Microsoft has also worked with OEMs to ensure that new computer hardware
preinstalled with Windows 7 ships with drives that are already correctly
partitioned for BDE.

It's also worth pointing out that in Windows 7, the BDE partition size has
been reduced to 400MB when WinRE is enabled and to 200MB without WinRE. The
BDE system partition is now hidden to users—it's no longer allocated to the
S drive letter.

Finally, BDE in Vista includes only a limited set of recovery features.
These features let users access their data on a BDE-protected volume after a
PIN loss, TPM error, or boot file modification. All recovery mechanisms are
rooted on a recovery password that can be stored on a USB token, or BDE
users can simply write it down or remember it.

Administrators can also use Active Directory (AD) to centrally store the
BitLocker recovery information of the machines in their domain. This
recovery information is attached to the AD computer account and includes the
password for each BitLocker-enabled drive, the TPM owner password (if a TPM
is present and used for BitLocker), and information that links the recovery
information to its corresponding volume.

Windows 7 includes new Group Policy Object (GPO)-based mechanisms for BDE
data recovery, which give organizations more centralized BDE data recovery
management capabilities. The new GPO settings let administrators maintain
access to all BitLocker-protected data located on computers in their AD
domain, even if the AD computer accounts holding BitLocker recovery
information are accidentally deleted.

BitLocker To Go 

BitLocker To Go (BTG) is Windows 7's most 
visible new BitLocker feature. You can use 
BTG to encrypt data on removable hard 
disks and USB sticks. These devices often 
contain confidential information and can 
easily be lost or stolen. 

Just like BDE, BTG by default uses AES 
128-bit with Diffuser algorithm to encrypt 
the volume. This can be changed to AES 
256-bit, using a GPO setting. 

As opposed to BDE, which works only with NTFS-formatted drives, BTG also
works with the exFAT, FAT16, and FAT32 file systems. If you want to protect
a device or drive with BTG, it must have at least 64MB of available memory.

The ability to encrypt a drive with BTG and to read and write data to it is
available only in the Windows 7 Enterprise and Ultimate Editions. Other
Windows 7 editions just let you unlock a BTG-protected drive and read the
data on it.

Figure 1: BitLocker Control Panel applet

You can start the BTG encryption process of a removable
drive by going to the System and Security Control Panel applet in the
BitLocker Drive Encryption item and finding the BitLocker To Go section,
which Figure 1, page 26, shows. This lists all USB sticks and external hard
disks connected to your system that can be secured using BTG. When you click
Turn On BitLocker, Windows starts the BitLocker Drive Encryption wizard.

Figure 2: BitLocker To Go (BTG) Reader interface

The wizard first initializes the drive, then 
prompts you for an unlock mechanism. 
You can unlock a BTG-encrypted drive 
by using a password, by using a secret key 
that's stored on a smart card, or by using a 
combination of both. 

Then the wizard asks you to save or print 
the 48-digit BTG recovery key. (Note that 
recovery information can also be stored in 
AD if you enable this option in the BDE GPO 
settings.) Finally, the wizard prompts you 
with Are you ready to encrypt this drive? 

Clicking Start Encrypting begins the encryption process. This is a
time-consuming process: It might take hours to complete depending on the
disk size and computer speed. The good news is that, just like BDE, BTG
decrypts instantly when you access a file on a protected disk or volume.
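
The 48-digit recovery key that the wizard asks you to save is usually read back over the phone or retyped from paper, so a help desk benefits from checking it before a recovery attempt. The following added example (not from the article or from Microsoft) does that using the known layout of the recovery password, a detail the article does not cover: eight groups of six digits, each group a 16-bit value multiplied by 11. The function names and the sample key are constructed for the illustration.

```python
import re

GROUP_COUNT = 8    # eight groups ...
GROUP_DIGITS = 6   # ... of six digits each make up the 48 digits
MAX_WORD = 0xFFFF  # each group encodes one 16-bit value, stored as value * 11


def build_password(words):
    """Format eight 16-bit values as a recovery password (for constructed samples)."""
    if len(words) != GROUP_COUNT or any(not 0 <= w <= MAX_WORD for w in words):
        raise ValueError("need eight values in the range 0..65535")
    return "-".join(f"{w * 11:0{GROUP_DIGITS}d}" for w in words)


def check_recovery_password(text):
    """Return a list of (group_number, group_text, problem); empty means well formed.

    Group number 0 marks a problem with the password as a whole.
    """
    digits = re.sub(r"[\s-]+", "", text)  # accept spaces, dashes and line breaks
    if not re.fullmatch(r"[0-9]*", digits):
        return [(0, "", "contains characters other than digits, spaces and dashes")]
    if len(digits) != GROUP_COUNT * GROUP_DIGITS:
        return [(0, "", f"expected 48 digits, got {len(digits)}")]
    problems = []
    for i in range(GROUP_COUNT):
        group = digits[i * GROUP_DIGITS:(i + 1) * GROUP_DIGITS]
        value = int(group)
        if value % 11:
            # One wrong digit, or two different neighbouring digits swapped
            # inside a group, always breaks divisibility by 11.
            problems.append((i + 1, group, "not a multiple of 11"))
        elif value // 11 > MAX_WORD:
            problems.append((i + 1, group, "above the largest valid group, 720885"))
    return problems


# Constructed sample, not a key from any real volume.
SAMPLE = build_password([1, 1000, 65535, 12345, 4242, 30000, 555, 60001])

if __name__ == "__main__":
    print(SAMPLE, check_recovery_password(SAMPLE))
    mistyped = SAMPLE.replace("135795", "315795")  # two digits swapped in group 4
    print(mistyped, check_recovery_password(mistyped))
```

A clean result only means the digits are well formed; whether they unlock a given drive is decided when the key is used.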

When you insert a BTG-protected memory stick or attach the removable hard
disk, Windows 7 prompts you to type your password or insert your smart card.
You can also configure Windows 7 to automatically unlock a BTG-protected
drive through the Manage BitLocker option in the drive's context menu or in
the Control Panel. From the Manage BitLocker dialog box, you can also remove
or change the BTG unlock password, save or change the recovery key, or add a
smart card for unlocking the BTG-protected drive.

When you use BTG to encrypt a removable device, Windows 7 copies a utility
called BitLockerToGo.exe to the device. This utility is the BitLocker To Go
Reader, which lets you access the protected data on the device from a Vista
or XP system. When you insert a BTG-protected USB token or attach a
BTG-protected disk drive to a Vista or XP system, the BitLocker To Go Reader
pops up and prompts you for the unlock password. Unlocking a BTG-protected
drive using a smart card isn't possible when using the BitLocker To Go
Reader from Vista or XP.

After you provide your password, the BitLocker To Go Reader decrypts all
content and displays it in the dialog box that Figure 2 shows. An important
restriction is that the BTG Reader permits you only to drag files from the
protected media and drop them on another location on the Vista or XP system,
for example on the user desktop. On the desktop, the files and folders are
no longer encrypted and protected. Also, you can't copy objects back to
BTG-encrypted drives after you change them. Writing to BTG-protected drives
is possible only from a system that runs Windows 7 Ultimate or Enterprise
editions or Windows Server 2008 R2.

Microsoft put some clever software engineering behind the BitLocker To Go
Reader, reengineering part of the BitLocker architecture to make it work
with FAT volumes (FAT is the file system typically used on USB tokens).
Microsoft modified the BitLocker architecture to overlay what it calls a
"discovery volume" onto the original physical volume. In the BitLocker To Go
Reader, this volume is the C_Drive, which you can see in Figure 2. The
discovery volume is automatically created when a FAT drive is encrypted; it
contains the BitLocker To Go Reader and a readme file. If you want to see
these files and how the encrypted information is really stored on the
BTG-protected volume, look at the content of the volume from the command
line using the dir /AS command (the AS switch displays hidden system files).

Better Centralized Management 

Windows 7 includes an extended set of BitLocker GPO configuration settings.
To find them, run gpedit.msc to open the Local Group Policy Editor. They are
located in the GPO Administrative Templates\Windows Settings\Windows
Components\BitLocker Drive Encryption container. This GPO location now holds
three subcontainers for storing the BDE configuration settings for fixed
data drives, OS drives, and removable data drives.

The new GPO settings can control many different BDE and BTG parameters,
including the use of unlock passwords and smart cards on fixed and removable
data drives, and whether the BitLocker To Go Reader is installed on
removable data drives or not. An interesting GPO setting is Deny write
access to removable drives not protected by BitLocker. This setting lets
organizations configure removable drives as Read Only unless they are
secured with BTG. You can use this setting to ensure that sensitive or
confidential corporate data is write-protected when an employee inserts a
USB token accidentally on the wrong machine.

Figure 3: Configuring the GPO setting for recovery of BitLocker-protected fixed drives

Windows 7 BDE also includes a new data recovery agent feature that allows
centralized recovery of the BDE-protected data in an organization. It can be
centrally configured using a Group Policy Object (GPO) setting that can be
set from the Computer Configuration\Windows Settings\Security
Settings\Public Key Policies\BitLocker Drive Encryption GPO container. You
can define a BitLocker data recovery agent by right-clicking this container
and selecting Add Data Recovery Agent, which starts the Add Recovery Agent
Wizard.

The BitLocker data recovery agent GPO setting is used to distribute a data
recovery agent's public key certificate to all BitLocker-enabled Windows
machines in the organization's AD domain. To unlock access to a BitLocker
(BDE or BTG)-protected volume, the data recovery agent can use the data
recovery private key that's linked to the recovery agent certificate and
stored in the recovery agent's user profile. This ensures that an
organization can get access to BitLocker-protected data even if the recovery
information stored in an AD computer account is deleted.

Before you can use BDE data recovery agents, you need to ensure that the
following BitLocker GPO settings are configured:

• Enable data recovery and the use of a data recovery agent, which Figure 3
shows. The GPO setting you use to do this depends on the volume type you
want to secure with BDE/BTG: Your options include Choose how
BitLocker-protected operating system drives can be recovered; Choose how
BitLocker-protected removable data drives can be recovered; or Choose how
BitLocker-protected fixed data drives can be recovered.

• Define a BitLocker identification field in the GPO setting titled Provide
the unique identifiers for your organization GPO. This setting associates a
unique identifier to a new drive that's protected with BitLocker. These
actions are required for the management of data recovery agents on
BDE/BTG-protected drives.

In addition to the GPO and GUI management changes that I already mentioned,
Microsoft also extended the capabilities of the command-line utility
Manage-bde, as well as the Windows Management Instrumentation (WMI) provider
for BitLocker.

A Better BitLocker Experience 

The new BitLocker features in Windows 7 and Windows Server 2008 R2 provide a
better user and administration experience than in the Vista version. As part
of a multilayer security defense, BitLocker's benefits are well worth
having.

InstantDoc ID 102534 
Plan and Execute an ACTIVE DIRECTORY

PART I by Eric B. Rux

PREPARATION is key to combining AD domains from 2 companies

In today's business culture, it's not uncommon for companies to merge or for
one to buy another. One day, you're an administrator taking care of your
Active Directory (AD) domain and Microsoft Exchange Server organization, and
the next thing you know, you have to figure out a way to merge two
companies. Now what?

This two-part series explores some of the ins and outs of an AD and Exchange
Server migration. The procedures I demonstrate aren't the only way to
perform a migration. In fact, no two migrations are ever the same. My
intention is to paint a picture and help you set up a simple migration in a
lab environment. Running through the process and learning how the different
tools work will help you plan a migration for your unique situation.

Planning Is the Key 

Merging two AD domains is fairly easy; doing it while the network is in use
is a little more difficult. I explained it to my wife this way: Changing out
a car engine is pretty simple. The process is well-documented, and there are
tools to help you do the job right. But changing out the engine while the
car is traveling 60 miles per hour—and doing it so the occupants don't
notice? That takes a bit more planning to pull off.

You can't overstate the need for detailed planning on a project as
complicated as a company merger, particularly with tasks involving the IT
departments. If you shortcut the planning process, you'll pay for it
eventually. Some things to plan for are
• training for the technicians performing the migration
• scheduled outages
• company cultural differences such as who's allowed access to AD and
  Exchange, or how file system security is set
• network differences between the two sites
• network, AD, or Exchange anomalies
• customer and employee communication

For this scenario, the big company that purchased the smaller company is
called New.com and the small business that was purchased is called Old.com.
We'll assume that the network engineers have solved the connectivity issues
with either a site-to-site VPN, Multiprotocol Label Switching (MPLS), or
another secure solution. Nothing I describe can be completed without network
connectivity.

Easy Wins First 

An AD and Exchange merger can take months to plan and implement—a timeline
that might not sit well with company management. Other departments are also
combining business processes, and IT can become a bottleneck. To help smooth
the immediate transition, try implementing some of the following easy wins
that give the appearance of a combined enterprise.

One company, one email. A fast way to show the rest of the world that you're
now one company is to make sure everyone has the same email suffix (e.g.,
new.com). Microsoft has a detailed article, "How to share an SMTP address
space in Exchange 2000 Server or in Exchange Server 2003,"
(support.microsoft.com/kb/321721) that explains how to set up the recipient
policy, a new SMTP virtual server in your Exchange organization, and
contacts so that it appears to your customers and internal users that you
have one email system. For setting up a similar structure in Exchange 2007
environments, see "How to Configure Exchange 2007 to Route Messages for a
Shared Address Space" (technet.microsoft.com/en-us/library/bb676395.aspx).

As Figure 1 shows, email for New.com still flows to the existing email
server at New.com's headquarters. If a message comes in for an employee of
Old.com to a New.com address, the Exchange server forwards it to the Old.com
email server. When an employee of Old.com sends a message, the primary
address (aka reply-to address) is New.com. You'll eventually want to move
all email into one Exchange organization, but this trick buys you some time
to perform your migration.

Free/busy information. Company mergers require excellent communication
from both sides, which typically means lots of meetings. Unfortunately,
separate Exchange organizations don't share free/busy information by
default. When an executive tries to schedule a meeting with someone from
the other company, he or she is met with gray hash marks in Outlook
instead of the distant user's schedule.

You can create another easy win by sharing free/busy information between
the company's two halves. Microsoft provides a free tool called the
Inter-Organization Replication tool
(www.microsoft.com/downloads/details.aspx?familyid=e7a951d7-1559-4f8f-b400-488b0c52430e)
that replicates public folders and free/busy information. The tool isn't
cluster aware, so if you're running an Exchange cluster, you'll need a
standalone Exchange server to use for replication. When you set the
username and password settings, be sure to preface the username with the
domain name: DOMAIN\USERNAME.

Free/busy information replicated between Exchange organizations can be
as much as 30 minutes old; be sure to communicate this detail to your
users. The application comes in two parts: the Replication Configuration
program and the Replication service. The Microsoft article "Installing,
configuring, and using the InterOrg Replication utility"
(support.microsoft.com/kb/238573) walks you through using this tool.

Trusts. Your business leaders need to 
share data files—documents, spreadsheets, 
presentations, and so forth—and they need to 
do it securely and not always through email. 
This process is simple after the domains are 
merged into one, but you need a solution 
to satisfy the immediate need. To grant a 
user from one domain permission to use a 
resource on another domain, you need to set 
up a forest or domain trust. I explain how to 
set up a simple forest trust later in the article. 

You might find other easy wins that you 
can quickly deploy. Take time to listen to 
the needs of the business and come up with 
solutions that buy you time to properly plan 
the full migration while helping the rest of 
the company with the transition. 

Moving Toward Migration 

When you've taken care of the immediate needs, it's time to get started
with a detailed plan for the AD domain and Exchange organization
migration. If you have only a few users, computers, and servers, you
might get away with simply adding those objects to your domain using
scripts and other homegrown methods. But if you have a large domain,
it's worth your time to investigate third-party tools. Vendors such as
Quest and NetIQ have products that can help you assess and even model
your migration.


Microsoft provides a free utility called Active Directory Migration Tool
(ADMT), which might be sufficient for your needs instead of using a
third-party product. The latest version, ADMT 3.1, provides support for
64-bit environments; you can find it in the Microsoft Download Center
(www.microsoft.com/downloads/details.aspx?familyid=AE279D01-7DCA-413C-A9D2-B42DFB746059).
Exchange Server has a built-in mailbox move tool, but there are
third-party solutions for this task as well. However, the rest of this
article assumes you're using ADMT and the built-in Exchange tools. The
concepts should be similar for any product you choose.

SID History to the Rescue 

If you can't migrate everything to the new domain within a few hours,
you'll probably have to divide the migration into stages, with some
users and system processes continuing to work from their original
domains while others move to the new one. User and group migrations copy
only the name of the object to the new domain; the objects themselves
are actually brand new and, as such, they get a new SID from the new
domain. This situation can cause problems when migrated users try to
access resources still in the old domain, which won't recognize the new
SID.

One solution is to use SID history. As Figure 2, page 32, shows, a user
in the New.local domain that was migrated from the Old.local domain has
two SIDs—the newly generated one for the New.local domain and the one
from the old domain, now an attribute in SID History. When the user
accesses a resource on the Old.com domain, the file server matches the
SID from the old.com domain, and the user is granted access. To take
advantage of SID history, you need to disable SID filtering between the
domains so that the object's SID can be migrated to the new domain along
with the object, a process I'll describe later in this article.

Configure Name Resolution 
and Forest Trusts 

Now it's time to get to the migration mechanics. Be sure to use a lab
environment to familiarize yourself with the setup process.

Figure 2: A newly migrated user with two SIDs

A 2-way trust between the domains is a requirement for domain migration.
You might have established this trust earlier; if not, you'll do it now.
Before you can create the trusts, both domains must be able to resolve
Fully Qualified Domain Names (FQDNs) in the other domain. Use the
Forwarders tab in the DNS server Properties dialog box to have each DNS
domain point to the other. Figure 3 shows the configuration where
machines in the New.local domain can resolve machines in the Old.local
domain. When complete, you should be able to ping server1.old.local from
any machine in the New.local domain.

To connect to a host name in the other domain without using the FQDN,
add both domains (new.local and old.local) in the Advanced TCP/IP
settings on each machine. This task can be tedious, so you'll do
yourself a favor by using Group Policy for it.

Use the Microsoft Management Console (MMC) Active Directory Domains and
Trusts snap-in to create 2-way trusts between the domains.

1. Log on to a domain controller (DC) on one domain (it doesn't matter
which) and open Active Directory Domains and Trusts.

2. Right-click the domain and choose Properties.

3. Click the Trusts tab, choose New Trust, then click Next.

4. Enter the FQDN of the other domain; this is why you need to have the
DNS Forwarders set up properly first.

5. For the trust type, choose Two-way.

6. Choose Both this domain and the specified domain on the Sides of
Trust page to create the trust simultaneously from both domains.

7. Enter the other domain's administrator username and password, then
click Next.

8. Review your settings, then click Next.

9. Click Yes, confirm the outgoing trust, then click Yes, confirm the
incoming trust so that the DC will ensure that your trusts are working
correctly.

10. Click OK to confirm the message about SID filtering; we'll disable
SID filtering in a later step.

Set Up the Password Export Server Service

ADMT can create new, complex passwords for your migrated users, but
you'll have to distribute those passwords securely to your users.

In my experience, migrating passwords from the old domain to the new
domain is easier for everyone involved. When passwords are transmitted
across the network, take comfort in the fact that they're encrypted on
the wire and, by default, users are required to change passwords on
first logon. Here's how you do it:

1. Log on as a domain administrator or equivalent to the computer on
which ADMT is installed.

2. At a command prompt, use the following ADMT command to create the
.pes file:

admt key /opt:create /sd:old /kf:c:\

3. Copy the .pes file you just created to a DC in the source domain
(old.local). Install the Password Migration DLL on the Password Export
Server (PES) by running pwdmig.msi. PES can be downloaded from the
Microsoft Download Center at
www.microsoft.com/downloads/details.aspx?familyid=F0D03C3C-4757-40FD-8306-68079BA9C773;
be sure to use the PES from ADMT 3.1 if you're running 64-bit DCs. PES
installation is quick and will prompt you for the .pes file that you
created earlier.

4. Specify that the Password Export Server service runs as a user with
domain administrator privileges. You must use the domain\account format.

You'll need to reboot the DC after installing the PES service, so be
sure to plan for this downtime. The PES service is set to Manual
Figure 3: Setting up forwarders for DNS queries


32 OCTOBER 2009 Windows IT Pro 


We're in IT with You 


www.windowsitpro.com 



























































Figure 4: Adding a target Domain Admins user account to the old (source) domain


by default, so it won't start when the server reboots. In addition, you
need to change the following DWORD registry subkey to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AllowPasswordExport.
For security reasons, Microsoft recommends that you keep the PES service
off and the registry subkey set to a value of 0 until you're ready to
migrate passwords. For additional information, see the Microsoft article
"How to use Active Directory Migration Tool version 2 to migrate from
Windows 2000 to Windows Server 2003" (support.microsoft.com/kb/326480).

Disable SID Filtering 

To allow user and group SIDs to pass back and forth between the domains,
we need to disable a security feature called SID filtering on the source
domain. From a DC on the old.local domain, type the following command:

netdom trust old /domain:new 
/quarantine:No 
/UserD:Administrator 
/passwordD:P@ssword 

Although the code breaks here for space, you would enter it all on one
line. If SID filtering has been disabled properly, you'll receive a
message telling you SIDs are no longer being filtered. Note that Netdom
isn't installed on Windows 2003 or Windows 2000 servers by default, but
you'll find it on the server CD-ROM in the Support\Tools folder.
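
The PES setup and the SID filtering step above each relax a security
control for the length of the migration. The following PowerShell script
is an added example, not part of the original article or of ADMT: it
reports the AllowPasswordExport value, the PES service state, and the
trust's SID filtering state, and can put them back. The parameter and
function names and the service display-name pattern are assumptions; the
domain names and registry value are the article's.

```powershell
# Added example, not from the article. Run in an elevated PowerShell 3.0+
# session on the source-domain DC that hosts the Password Export Server,
# with netdom.exe on the PATH.
param(
    [string]$SourceDomain = 'old',            # trusting side, as in the article
    [string]$TargetDomain = 'new',            # trusted side, as in the article
    [string]$TargetAdmin  = 'Administrator',  # account in the target domain
    [switch]$ClosePasswordExport,             # revert registry value and PES
    [switch]$EnableSidFiltering               # turn SID filtering back on
)

$LsaKey     = 'HKLM:\System\CurrentControlSet\Control\Lsa'
$PesPattern = 'Password Export Server*'       # assumed service display name

function Get-PasswordExportState {
    # The registry value the article sets to 1 for the migration window.
    $prop = Get-ItemProperty -Path $LsaKey -Name AllowPasswordExport `
                -ErrorAction SilentlyContinue
    $svc  = Get-Service -DisplayName $PesPattern -ErrorAction SilentlyContinue |
                Select-Object -First 1
    $mode = $null
    if ($svc) {
        $mode = (Get-CimInstance Win32_Service -Filter "Name='$($svc.Name)'").StartMode
    }
    [pscustomobject]@{
        AllowPasswordExport = if ($prop) { $prop.AllowPasswordExport } else { 'not set' }
        PesServiceName      = if ($svc)  { $svc.Name }        else { 'not installed' }
        PesStatus           = if ($svc)  { "$($svc.Status)" } else { 'n/a' }
        PesStartMode        = if ($mode) { $mode }            else { 'n/a' }
    }
}

function Test-PasswordExportOpen($State) {
    # Open if export is allowed in the registry or the PES service is running.
    ($State.AllowPasswordExport -eq 1) -or ($State.PesStatus -eq 'Running')
}

function Close-PasswordExport {
    # Back to the state the article recommends outside the migration window:
    # registry value 0, PES service stopped and set to Manual start.
    Set-ItemProperty -Path $LsaKey -Name AllowPasswordExport -Value 0 -Type DWord
    $svc = Get-Service -DisplayName $PesPattern -ErrorAction SilentlyContinue |
               Select-Object -First 1
    if ($svc) {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force }
        Set-Service -Name $svc.Name -StartupType Manual
    }
}

function Invoke-NetdomQuarantine([string]$Setting) {
    # With no value, /quarantine only displays the current SID filtering state.
    # /PasswordD:* makes netdom prompt for the password, so it never appears
    # on the command line or in shell history.
    $quarantineArg = if ($Setting) { "/quarantine:$Setting" } else { '/quarantine' }
    & netdom trust $SourceDomain "/domain:$TargetDomain" $quarantineArg `
        "/UserD:$TargetAdmin" '/PasswordD:*'
}

$state = Get-PasswordExportState
$state | Format-List
if (Test-PasswordExportOpen $state) {
    Write-Warning 'Password export is currently possible on this DC.'
}

if ($ClosePasswordExport) {
    Close-PasswordExport
    Get-PasswordExportState | Format-List
}

if ($EnableSidFiltering) {
    # Re-enabling filtering ends access that depends on SID history, so do
    # this only once resources in the old domain no longer rely on it.
    Invoke-NetdomQuarantine 'Yes'
} else {
    Invoke-NetdomQuarantine
}
```

Run it with no switches for a read-only report; add -ClosePasswordExport
as soon as the last password batch has been migrated.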

Create a Migration Server 

I've found it easier to perform migrations from a dedicated server. It
doesn't need to have a lot of power; a simple virtual machine (VM)
running Windows Server 2003 Standard is sufficient; ADMT won't run on
Windows XP. Be sure to make the migration server a member of the target
domain, New.com. Even though you have a trust between the two domains,
always log on to the new domain when migrating objects from the old
directory to the new one.

There's also a small but very important 
step that must be completed on the old 
domain to let you migrate objects to the new 
domain: Add a target Domain Admins user 
account to the built-in Administrators group 
in the source domain, as Figure 4 shows. 

When you install ADMT on the migration server, you have two choices for
storing the migration data. You can choose the free SQL Express for
small and simple migrations or use a more powerful SQL Server version
for large, complex projects. Which one you choose will depend on your
specific scenario. To keep the example as simple as possible for this
article, we'll use SQL Express.

Prepare the Computers and New 
Domain for Migration 

The last step in preparing the environment for migration is to ensure
that computers themselves are ready for migration. Newer versions of
Windows have a firewall that blocks connection attempts by the ADMT. The
ports ADMT uses aren't well-documented. However, you can disable the XP
firewall just long enough to perform the migration. To do so, create a
Group Policy Object (GPO) that opens up the firewall and link it to an
organizational unit (OU) called MigrationPrep, then move the computer to
this OU right before you're ready to migrate. You'll also want to verify
that the target OU is ready with all of the correct GPOs applied.

The user performing the migration needs to have administrator privileges
on each computer that will be migrated, which can be done with a GPO
linked to the MigrationPrep OU. I describe this method in "Adding a
Global Group to the Local Administrators Group," windowsitpro.com,
InstantDoc 100759. The user performing the migration also needs to have
permission to join computers to the new domain.

According to Microsoft's ADMT Guide (available at
www.microsoft.com/downloads/details.aspx?familyid=B1F816C0-4E2B-4E5D-B256-1AC304062367),
"All target domains must be operating at either the Windows 2000 native
functional level, the Windows Server 2003 functional level, or the
Windows Server 2008 functional level." This process is irreversible, so
be sure you understand the consequences before raising the domain
functional level. To raise the domain level, open the MMC Active
Directory Users and Computers snap-in, right-click the domain
(new.local), and select Raise Domain Functional Level. Choose Windows
Server 2003 on the next screen, then click OK.

Preparation, Preparation, 
Preparation 

As you can see, just the preparation for an AD migration can be a
complicated process. You'll want to take time to try this out in a lab
environment before attempting it in production. In the second part, I'll
show you how to migrate the users, computers, and groups to the new
domain. We'll also tackle the task of the Exchange portion of the
migration.
■ FEATURE


You've got a workstation, Hyper-V, and Symantec Ghost—here's how you get
from A to B using C


One of the most-discussed advantages of virtualization is
consolidation—the ability to merge many systems into a few.
Organizations usually consolidate servers, thereby saving the business
big money on maintaining expensive enterprise infrastructure. But
infrastructure isn't always made up only of hardworking, powerful server
equipment. Most organizations have evolved over time, as have a wide
range of supporting systems, such that many business environments have
legacy Windows-based workstations running a couple of applications in
the traditional client/server model, servicing the handful of users who
need those particular resources.

Historically, such systems are little workhorses. They sit in a corner
beyond the attention of admins, happily humming and gathering dust—until
that fateful day when the ancient hardware finally packs it in. Rather
than waste time and effort rebuilding the system (after tracking down
the only technician who knows anything about it), a neat solution is to
make a snapshot of the entire thing and dump it into a virtual machine
(VM). Then you can eliminate the old hardware, and the system gets a new
lease on life with some decent resources.


The Problem

I faced this situation recently when a desktop that contained the
company's security database reached the end of its lease. The current IT
department wasn't involved in the system's installation, so we had
little understanding of the product, and we potentially faced a large
amount of downtime to rebuild it because we would have had to source new
hardware and get third-party technicians out to handle the data transfer
and to configure a new installation.

We were also worried about the security implications of sensitive data
being stored on a physically accessible portable system, so we decided
to perform a physical-to-virtual (P2V) migration to a VM running on
Microsoft Hyper-V. The original system was a Pentium D-class desktop
with 1GB of RAM running Windows XP Professional. Hyper-V fully supports
this OS, and we were able to assign less RAM in the virtual environment
because the original 1GB was overkill for the application's needs.

We'd been running Hyper-V with Windows Server 2008 since April 2008, but
we were still migrating our imaging procedure from Symantec Ghost
Solution Suite to Windows Deployment Services (WDS). We had all the
existing tools and utilities for ghosting but only a rudimentary WDS
environment. It was mission-critical to minimize downtime, so we decided
that we would move the system to Hyper-V using Ghost rather than
Microsoft's imaging tools for WDS, and thereby take advantage of
existing in-house knowledge rather than spending time building WDS
skills for this one task. If it had been a more complex and
time-consuming task, we would have made the time investment to work with
WDS.

The trick was to get the Ghost tools to the VM so that the system could
talk back to the GhostCast server. We were deploying the DOS-based Ghost
client across the network using WDS on Windows 2003 R2 in mixed
mode—the Symantec Ghost Boot Wizard lets you create bootable disk images
using packet or network device interface specification (NDIS) 2.0
network drivers that are compatible with Microsoft Remote Installation
Services (RIS). The Ghost images were stored on a central GhostCast
server that clients were connected to. It's a simple setup and
lightweight, although you're faced with the problem of creating a new
boot image every time you need to support a new NIC.

Rather than tracking down compatible drivers for the virtual networking
devices in Hyper-V, we decided to update things a bit and make use of
Windows Preinstallation Environment (WinPE). The main advantages of
WinPE in this situation were

• It's free

• It's based on the Windows kernel, so it's very flexible

• It supports multiple hardware platforms and devices

• It uses up-to-date hardware drivers

• A WinPE boot image can be used from CD-ROM, an ISO image, or over the
network via WDS

• Did I mention it's free?

The Setup 

Naturally, you'll need to make sure you have some prerequisites in
place. To create a bootable WinPE image with the Ghost client and deploy
it to a Hyper-V virtual system, you'll need the following:

• Windows Automated Installation Kit (WAIK), which is a free download
from Microsoft
(microsoft.com/downloads/details.aspx?FamilyID=94bb6e34-d890-4932-81a5-5b50c657de08).

• A Symantec GhostCast server, which can be any workstation with Ghost
installed and enough disk space to hold your images—it certainly doesn't
have to be an enterprise system. The version of Ghost doesn't matter,
but the later versions have better file system support. The Ghost system
can be a VM as well; the supporting platform doesn't matter.

• Ghost32.exe, which is available on the GhostCast server. It's the
32-bit executable version of the Ghost client and runs as a standalone
application.

• A Hyper-V VM. This VM should have a network adaptor attached, but it
doesn't need to be a legacy network adaptor unless you're planning to
boot from the network; it also needs at least one virtual hard disk and
should be able to contact the GhostCast server via the virtual network.
The VM can run on Server 2008 or Hyper-V Server.

• Vmguest.iso, the CD-ROM image containing the Hyper-V guest integration
components and drivers for the virtual hardware platform, which is found
at C:\Windows\System32 on the Hyper-V host.

• WDS running on Windows 2003 SP1 or Server 2008; OK, WDS isn't actually
necessary because you can use a bootable CD-ROM (more on that later),
but it's a useful way to deploy the WinPE image across the network.

First, download and install the WAIK to an administrative machine; this
can be the GhostCast system if the OS is supported, or any other
workstation. It's packaged as an ISO image, so you can mount the image,
extract the contents, or burn it to a disk with a free tool such as
InfraRecorder (infrarecorder.org). From the AutoRun menu, select Windows
AIK Setup. If the AutoRun menu doesn't launch automatically,
double-click StartCD.exe.

After the WAIK is installed, create the WinPE working structure by going
to Start, All Programs (on Windows Vista or Server 2008), Microsoft
Windows AIK, Windows PE Tools Command Prompt to open a command window
with various WinPE tools loaded into the system path for easy access.
Use the copype command to create a WinPE structure:

copype x86 c:\winpe-x86 

This command creates the C:\winpe-x86 
folder and extracts the necessary files for a 
32-bit version of WinPE—the winpe.wim 
file, a Mount folder that you can use to 
mount the Windows Imaging Format (WIM) 
file via ImageX, an ISO folder that contains 
all the files needed to create a WinPE ISO 
image, and the BIN file needed to make the 
ISO image bootable. If you want to use a 
64-bit boot environment, replace x86 in the 
code with amd64, but bear in mind that any 
applications or drivers you inject into the 
image must then also be 64-bit. 

To customize the image, you need to 
access its contents. From the same command 
window, type the following command: 

imagex /mountrw c:\winpe-x86\winpe.wim 1 c:\winpe-x86\mount

This command mounts the first image contained in the WIM file in
read/write mode to C:\winpe-x86. Browse to that folder and you'll see
the WinPE file structure.

The next step is to inject the Hyper-V platform drivers into the image
so that when the VM boots into WinPE, it will be able to see the network
and fully support the VM's hardware. From a networking perspective, the
Hyper-V drivers are necessary for the synthetic NIC to function, but to
boot a Hyper-V VM from the network, you must install a legacy network
card, which doesn't need extra drivers. However, injecting drivers is
easy, and it's good practice for later supporting different hardware
platforms.

Mount the vmguest.iso image with a virtual drive utility such as DAEMON
Tools (www.daemon-tools.cc/eng/home) or extract it with WinRAR or any
other application that can read the contents of ISO files. Then, enter
the following command in the WinPE command window:

peimg /inf=w:\support\x86\en-us\*.inf c:\winpe-x86\mount

In this case, W:\ is the virtual drive I mounted the image in; you'll
need to substitute the appropriate path for your system. Next, copy
ghost32.exe:

xcopy PATH\ghost32.exe c:\winpe-x86\mount\windows\system32

WinPE defaults to \Windows\System32 on boot, so ghost32.exe loads more
easily if it's in that folder. You save the changes with the following
command:

imagex /unmount /commit c:\winpe-x86\mount

If you forget the /commit switch, none of your changes will be saved.

Finalize WinPE 

After you've customized WinPE, you have two choices. First, you can
create a bootable ISO image from the modified WIM file, which you can
then either attach to the VM within Hyper-V Manager or burn to disk.
Burning a disk is slower than using an ISO image, but a Hyper-V VM can
read from physical media so you could use the disk on other systems. To
create an ISO image, type the following command in the WinPE command
window:

oscdimg -bc:\winpe-x86\etfsboot.com -n -o c:\winpe-x86\iso c:\winpe-x86.iso

The command outputs the image as winpe-x86.iso. To attach it to a VM,
make sure that the Hyper-V host can access the ISO image, then open
Hyper-V Manager. Right-click the VM, then select Settings. In the
left-hand window under IDE Controller 1, select DVD Drive. Next, in the
right-hand window, select Image file, then browse for the ISO image.
Click OK to confirm.

Your second option after customizing WinPE is to make it available over
the network via WDS. To do this, you need a configured WDS server—either
Windows 2003 SP1 or Server 2008. Copy C:\winpe-x86\winpe.wim to the WDS
server, then launch the WDS management console on the server.

Expand the tree and right-click Boot 
images. Select Add Boot Image, browse for 
the winpe.wim file, click OK, then Next. 
Enter an appropriate image name and 
description (or accept the defaults), click 
Next, then Next again. WDS adds the image 
file to the list of available boot images. Make 
sure the VM is on a network that can find the 
WDS server and boot it from the network, 
then choose the image in the boot menu, as 
Figure 1 shows. 

Prep the Physical System 

Now it's time to get the physical system ready to take a snapshot. You
should start by performing a thorough cleanup of the system. I didn't do
enough of this and paid the price later with a mind-numbing repair
installation. Go through Add/Remove Programs and strip out all driver
packages—graphics drivers, network drivers, and so on; they won't be
needed on the VM. Keep only what you need to maintain basic
functionality.

It's also a good idea to do a disk cleanup and defrag on the hard
drive—this is always a good idea before imaging because the process
arranges data better on the disk, which results in fewer problems during
image transfer. Also, go into System Configuration (Start, Run,
msconfig) and disable all startup applications—when the VM comes online
for the first time, it won't be fully functional until the Hyper-V
Integration Services are installed, so it's better to prevent startup
software from running until the system is stable.

If you're moving from a physical system 
with an IDE hard disk to a VM with an IDE 
virtual disk, chances are that the image 
will restore easily onto the VM. If, however, 
the physical system has a RAID controller 
or SATA drive, there's a strong likelihood 
that a straight image up/image down pro¬ 
cedure will result in a VM that instantly 
bluescreens due to a change in the disk 
controller on the boot disk. You're most 
likely to have this problem on earlier OSs 
such as Windows XP and Windows 2000; 
Vista should cope. 

However, because we're rescuing legacy 
systems, there's a strong chance you're deal¬ 
ing with an older OS. Therefore, you can save 
yourself a lot of time and bother by using 
Sysprep. Performing a basic Sysprep on the 
physical system to trigger the mini-setup gets 
you past any bluescreen problems when the 
VM reboots after image deployment. If you 
want a more elegant solution, incorporate 
the contents of the \support\x86\en-us folder 
into the file system on the physical machine 
before running Sysprep so that the virtual 
device drivers are present when the guest 
OS runs through plug-and-play detection. 
However, you still have to install the Integration
Services software after imaging—there's
more to the package than just the drivers, 
such as data exchange, heartbeat, and time 
synchronization. 

Because I was in a rush to get my system 
migrated, I didn't run Sysprep and paid the 
price when the VM instantly bluescreened. 
A repair install fixed the problem, but it 
took so long that it would have been worth 
spending the time to go back, run Sysprep 
on the machine, and recapture the image. 

Deploy the Image 

When you've prepared the physical system,
shut it down and boot into the Ghost client.
If you don't have a pre-existing method
in place for this procedure, you can use
the custom WinPE
ISO image created earlier. Or, if the older
system supports network booting, let it
access the image from the WDS server. You
can even take the bootable ISO image and
transfer it to a USB key and boot the physical
system from that—which makes a great
portable tool.

Figure 1: Choosing the boot image from WDS

Figure 2: Booting into the customized WinPE image

Figure 3: Launching Ghost within WinPE

To create an image, open the GhostCast
server application and select Create
Image. Nominate a session name and file
name. Then from the client, go to GhostCast,
Unicast and enter the session name
to begin the capture session. After it's
captured, it's good practice to open the
capture file with Ghost Explorer on the
GhostCast system to make sure the image
files are OK.

When you've created the image, fire up 
the VM on the Hyper-V host and boot into 
WinPE, as Figure 2 shows. Remember that 
if you're booting from the network, you 
need to attach a legacy network adapter. 
When the system loads, you'll be presented 
with a command window. Navigate to
X:\Windows\System32 and enter ghost32.exe
to launch Ghost, as Figure 3 shows. 

If the VM and GhostCast system are on 
different subnets, you'll have to enter the 
server IP address manually for the client 
to connect. If you're doing more ghosting
across subnets, enter an IP helper address
on the router so that you don't have to type 
in the IP address every time. Wait while the 
image is restored, then reboot the VM. The 
only post-install task needed for system 
stability is to install the Integration Service 
components—then you're done. 

Next Time? 

This method of P2V is, to be honest, not 
exactly elegant. However, it does have the 
advantage of being quite robust—using 
Ghost for imaging means that if something 
goes horribly wrong with the VM, you've still 
got both the original machine (obviously, 
don't throw it away until you complete the 
migration successfully!) and the captured 
image, so you haven't lost any data. 

This method also has the advantage of 
letting you get your hands dirty with WinPE 
and WDS. They're a powerful combination 
and can form the basis of a wide range of 
custom tools for supporting systems. WinPE 
is a great platform for deploying useful utilities
to any corner of your network, physical
or virtual—like ghost32.exe. 

Would I follow the same path next time? 
As long as we still have a supporting Ghost 
infrastructure, yes. After we've moved 
across to WDS completely, no. There are 
ways of converting a physical hard disk 
to a VHD that you can then attach to a 
Hyper-V VM—that's a much more straightforward
(although apparently equally
time-consuming) process, and certainly
worth a look. The other, more sensible,
option is to make use of System Center
Virtual Machine Manager (SCVMM),
which has supported P2V methodologies.
The downside is that SCVMM is an extra
purchase, and businesses that are just
playing with Hyper-V at this stage might
not consider the cost worth it. If, however,
you're considering Hyper-V as your virtualization
platform of choice, SCVMM is an
invaluable management tool and should
definitely be investigated.

InstantDoc ID 102339 
Easy OS deployment

by John Savill 


I recently had an important client who asked me to install Microsoft 
System Center Configuration Manager 2007 (SCCM) and configure it 
to deploy Windows Server 2008 and Windows Server 2003—all within a 
day. Although I accomplished the task, I hit some bumps along the way. 
In this article I share the process I followed, the problems I encountered, 
and the solutions I employed. Because this is a high-level overview of 
OS deployment through SCCM, I don't discuss SCCM installation. The article 
assumes that you already have SCCM 2007 installed, as well as a working knowledge
of it. (For information about SCCM, see the Learning Path on page 40.)

Getting Started 

Before you try to deploy an OS, you need to ensure that your environment is 
healthy. 

• Check for errors in your SCCM site systems. Open SCCM and navigate to 
Site Database, System Status, Site Status. Under the site's name, view the 
Component Status and Site System Status areas, as Figure 1 shows. If you 
encounter any problems, view the error messages, then resolve the errors. 
You can also check C:\Program Files\Microsoft Configuration Manager\Logs
to see detailed messages about many of the components.

• Make sure you have site boundaries defined. Open SCCM and navigate to 
Site Database, Site Management. Under the site's name, select Site Settings, 
Boundaries. 

• Make sure you have a distribution point and management point enabled. 
Open SCCM and navigate to Site Database, Site Management. Under the 
site's name, select Site Settings, Site Systems. 

• Install Windows Deployment Services (WDS) on the SCCM server that 
will be the Preboot Execution Environment (PXE) boot point. Don't try to 
configure WDS directly; SCCM does all the configuration work. Install WDS 
with zero configuration. 
• Use the Microsoft Management Console
(MMC) DHCP snap-in to authorize the
WDS (SCCM) server in Active Directory
(AD) for DHCP. Most likely, the SCCM
server isn't the DHCP server. However,
you shouldn't need to set scope options
on the DHCP server to point to SCCM
for PXE. If you have multiple networks
and your routers are forwarding packets
correctly, your clients should be able
to receive responses. Alternatively, you
can use DHCP option 67 to set your
boot image to a value of
\SMSBoot\x86\wdsnbp.com and option 66 to your
SCCM server's Fully Qualified Domain
Name (FQDN) to force DHCP to point
clients to the SCCM server.

• Create a standard AD user account
for the network access account. Open
SCCM and navigate to Site Database,
Site Management. Under the site's
name, select Site Settings, Client
Agents, Computer Client Agent. Configure
the account in the Computer
Client Agent Properties dialog box, as
Figure 2 shows. Make sure the account
is a local administrator account on
the SCCM server, or at least give the
account rights to the smspxeimages$
share and make it a member of the
SMSAdmins group. Otherwise, when
clients boot from PXE they won't have
permission to read the Windows Preinstallation
Environment (WinPE) files
from the share. For more information
about best practices for the network
access account, see the Microsoft
article "About the Network Access
Account" (technet.microsoft.com/en-us/library/bb680398.aspx).

For more OS deployment tips, see the 
Microsoft Operating System Deployment 
Checklists website (technet.microsoft.com/en-us/library/bb632737.aspx).
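
The option-based setup described above puts the boot server name and boot file in every DHCP reply, so a reply that names a different server or file is worth catching. The following is an added example, not code from the article or from Microsoft: a Python check that parses a raw DHCP message and compares options 66 and 67 with the expected values. The FQDN `sccm01.corp.example`, the function names and the sample packets are assumptions constructed for illustration.

```python
# Added example: audit the PXE boot hints (DHCP options 66 and 67) in a DHCP reply.
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options field (RFC 2131)
BOOTP_HEADER_LEN = 236              # fixed BOOTP header that precedes the cookie
OPT_PAD, OPT_END = 0, 255
OPT_TFTP_SERVER, OPT_BOOTFILE = 66, 67

# Assumptions: the FQDN is a hypothetical placeholder; the boot file path is
# the value the article gives for option 67.
EXPECTED_SERVER = "sccm01.corp.example"
EXPECTED_BOOTFILE = r"\SMSBoot\x86\wdsnbp.com"


def parse_dhcp_options(packet):
    """Return {option_code: raw_bytes} from a raw DHCP message (the UDP payload)."""
    start = BOOTP_HEADER_LEN + len(MAGIC_COOKIE)
    if len(packet) < start or packet[BOOTP_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options = {}
    i = start
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        # RFC 3396: a repeated option code is concatenated, not overwritten.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def _text(raw):
    """Decode a string option; some servers NUL-terminate the value."""
    return raw.rstrip(b"\x00").decode("ascii", errors="replace")


def check_pxe_offer(packet, expected_server=EXPECTED_SERVER,
                    expected_bootfile=EXPECTED_BOOTFILE):
    """Return a list of findings; an empty list means both options match.

    A missing option is reported because this example assumes the site chose
    the option-based setup rather than relying on router forwarding alone.
    """
    opts = parse_dhcp_options(packet)
    findings = []
    for code, label, expected in (
        (OPT_TFTP_SERVER, "option 66 (boot server)", expected_server),
        (OPT_BOOTFILE, "option 67 (boot file)", expected_bootfile),
    ):
        if code not in opts:
            findings.append("%s is absent" % label)
            continue
        actual = _text(opts[code])
        # Host names and Windows TFTP paths are compared case-insensitively.
        if actual.lower() != expected.lower():
            findings.append("%s is %r, expected %r" % (label, actual, expected))
    return findings


def build_offer(server, bootfile):
    """Constructed sample: a minimal DHCPOFFER carrying options 53, 66 and 67."""
    header = bytearray(BOOTP_HEADER_LEN)
    header[0:4] = bytes([2, 1, 6, 0])  # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0

    def opt(code, data):
        return bytes([code, len(data)]) + data

    body = (opt(53, b"\x02")                       # message type: OFFER
            + opt(OPT_TFTP_SERVER, server.encode("ascii"))
            + opt(OPT_BOOTFILE, bootfile.encode("ascii") + b"\x00"))
    return bytes(header) + MAGIC_COOKIE + body + bytes([OPT_END])


if __name__ == "__main__":
    samples = {
        "expected reply": build_offer("SCCM01.corp.example", EXPECTED_BOOTFILE),
        "unexpected reply": build_offer("pxe.lab.example", r"\boot\pxeboot.com"),
    }
    for name, pkt in samples.items():
        print(name, "->", check_pxe_offer(pkt) or "OK")
```

Feed it the UDP payload of replies captured on a PXE client's subnet; any non-empty result names the option that differs from what the DHCP scope is supposed to hand out.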

Configuring the SCCM Server for OS Deployment

The first step in OS deployment is to prepare 
the server for the OS images. 

1. Create a folder and share to store 
the Windows Imaging Format (WIM) files. 
Copy the files into this folder, giving them 
useful names (e.g., vistasp1x86.wim rather
than install.wim). 

2. Import the WIM files from the share
into the Operating System Deployment
portion of the SCCM management console.
Note that by default, if you import a WIM
file that has multiple images in it, SCCM
uses the name of the first image (e.g., Windows
Vista Business) to name the entire
group of imported images. A better alternative
is to use a more meaningful name,
such as Windows Vista SP1 x86.

Figure 2: Creating an AD user account for the network access account

3. Add a distribution share for the new 
images. 

4. Add a PXE distribution point for
each of the boot images. (By default,
SCCM already has the boot images for x86
and x64 that contain the WinPE environment;
however, no distribution points are
assigned to these images.)

5. Enable PXE boot capability on the 
SCCM server. Open SCCM and navigate 
to Site Database, Site Management. Under 
the site's name, select Site Settings, Site Systems,
PXE Service Point. Then, enable the
PXE site role to open various ports in your 
firewall. 

Although SCCM 2007 R2 can deploy OSs 
to unknown computers, I recommend that 
you deploy OSs only to computers for which 
you have the MAC address. Deploying to 
an unknown computer can result in SCCM 
wiping and reinstalling the computer. 

In my case, I was deploying to a new
computer that didn't have an AD account
and wasn't known to SCCM.
Therefore, I needed to create
an SCCM record and add the
computer to a collection.
Open SCCM and navigate to
Site Database, Computer Management,
Operating System Deployment,
Computer Associations, Import Computer. Select
Manual and enter the computer
name and MAC address. Force
an update of the All Systems
collection (by first selecting
the Rebuild action, then the
Refresh action) to display the
new computer.

Next, you need to create a
collection where you can target
your OS deployments. Create
a collection called OSDeployment,
and use a static rule to
add to the collection any computers
that need the OS. (If
you're just doing initial testing
and need a controlled environment, add
only your test machines.) Another option
for bulk deployments is to create dynamic
collections with membership based on attributes
such as existing OS and computer
locations.

Finally, create an application package 
as follows, so you can actually deploy the 
SCCM client to new installations. 

1. Navigate to Site Database, Computer 
Management, Software Distribution, 
Packages, New Package. 

2. Configure the package so that it has 
source files. The source should be
\\<SCCM server>\sms_<site code>\Client.

3. Select the options Always obtain files 
from a source directory and Access distribution
folder through common ConfigMgr
package share. Accept all the other default 
settings. 

4. Create a program under the package.
Set the value for the command line as
ccmsetup.exe. 

5. Under Requirements, select Run on 
any platform. 

6. Under Environment, set the Program 
can run option to Whether or not a user is 
logged on, and set the Drive mode option to
Runs with UNC name. 

7. Make sure all the advanced options 
are unchecked. 

8. Add a distribution point. 



TO LEARN MORE ABOUT SCCM: 

Microsoft System Center Configuration Manager,
www.microsoft.com/systemcenter/configurationmanager/en/us/default.aspx

System Center Configuration Manager TechCenter,
technet.microsoft.com/en-us/configmgr/default.aspx

System Center Configuration Manager 2007,
technet.microsoft.com/en-us/library/bb735860.aspx

System Center Configuration Manager 2007 Toolkit,
www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=948e477e-fd3b-4a09-9015-141683c7ad5f

WINDOWS IT PRO RESOURCES: 

"Microsoft System Center Configuration Manager," 
InstantDoc ID 97656

"The 4 Pillars of System Center Configuration Manager,"
InstantDoc ID 95959


Next, you need to create a task sequence 
to deploy the OS and SCCM client package. 
(For more information about deploying 
images, see the Microsoft TechNet article 
"How to Deploy Operating System Images 
to a Computer," at technet.microsoft.com/en-us/library/bb632559.aspx;
for more
information about creating a task sequence, 
see "How to Create a Task Sequence to 
Install an Existing Operating System Image 



Figure 3: Configuring task sequence options 
WIN321: Can Windows 7 and Server 2008
R2 Help Secure Your Network Better - 
and What Will It Cost? 

MARK MINASI

A look at the list of Windows 7's premier "big" new
features (VHDs, the UI changes, libraries, BranchCache,
DirectAccess, AppLocker, BitLocker To Go) will reveal
that three out of that seven (the last three) are 
security-related items. In this session, Windows 
security consultant and writer of the world's 
best-selling Vista security book Mark Minasi puts 
these and other Windows 7 and Server 2008 
R2-related security features under the microscope, 
explaining the good, the bad, the inexpensive and 
the pricey. 

WIN218: Easing Management and 
Securing Remote Offices with Windows 
Server 2008 R2 

JOHN SAVILL

This session will focus on the technologies in 
Windows Server 2008 to help ease management of 
remote offices that require infrastructure but 
typically don't have local administrators or facilities 
for proper server storage while increasing security 
for the organization. Technologies that will be 
focused on and demonstrated will include Server 
Core running ADDS in Read Only Domain Controller 
mode with BitLocker encryption. Demonstrations 
will include services designed to remotely manage a 
Server Core including winRM, how to automate 
server core deployment and what exactly a RODC 
means, and a walkthrough of configuring which 
passwords are kept locally on the server with a 
password hacking tool execution showing most user 
accounts are not stored, negating many of the 
problems of having unsecured domain controllers 
out in remote offices. With PowerShell now 
available in the core version of 2008 R2, we have 
more management options than ever before. New 
Windows 2008 R2 file system technologies such as 
Branch Cache and Read-only DFS replicas will be 
examined and how they enhance the branch user 
experience. 

See Web site as we add more Microsoft sessions.

RAS? Who Needs It! - Connect Remotely with Direct Access

Implementing a Work Anywhere Infrastructure with Windows Server 2008 R2

Best Practices: Securing Hyper-V and Your Virtualization Environment

MICROSOFT 

Hyper-V: From Zero to Live Migration 

MICROSOFT 
WIN101: ESX and Hyper-V Comparison

ALAN SUGANO 

Microsoft's own hypervisor, Hyper-V, was released 
with Windows Server 2008. It is designed to 
compete directly against VMware's ESX server. How
do the two products compare? We'll consider price,
performance, hardware requirements, high 
availability, management and other features in 
the comparison shootout. If you're evaluating 
virtualization platforms, make sure to attend this 
session to assist in your decision making process. 

WIN102: Everything You Wanted to Know 
About Storage but Were Afraid to Ask 

ALAN SUGANO 

If your company is like most companies, you are 
probably running low on disk space as storage-hungry
applications eat up disk space like
contestants in a pie eating contest. But what's the 
best solution for your company? With the advent of 
newer drive interface technologies like Serial 
Attached SCSI (SAS) and Serial ATA (SATA) there is a 
lot more to choose from when selecting a storage 
solution. This session will cover the storage basics of 
locally attached storage, network attached storage 
(NAS), just a bunch of disks (JBODs) and storage 
area networks (SANs), what they are, where they 
are typically used, and how they fit into a 
comprehensive storage strategy for your company. 

WIN324: Fast Track to Fixing AD Replication 

SEAN DEUBY 

A continuation of the first Fast Track AD session, this 
session will use the flowchart approach to resolve AD 
replication issues. Why should you have to figure it 
out new each time when you can simply follow a 
standardized method? It will build on the foundation 
laid in the first session, focusing on the most common 
ways replication goes wrong, and step through a 
repeatable process you can use to get objects and 
attributes flowing again. 

WIN325: Fast Track to Fixing General 
AD Problems 

SEAN DEUBY 

Active Directory is one of IT's most complex 
infrastructure systems. If AD isn't your sole
responsibility, when you have problems sometimes
it's hard to know where to start. What if you could 
just follow a flowchart? This session will show you a 
logical problem-fixing process you can take back to 
the office and use to speed your problem time to 
resolution. Sean will also give overviews of some basic 
tools every AD administrator should be familiar with. 

WIN305: File Sharing Smackdown:
Shares vs. SharePoint

DAN HOLME 

SharePoint document libraries are the new file share, 
or are they? What are the pros and cons of using 
SharePoint as a file store? What do file servers offer 
that SharePoint does not? Is a hybrid environment 
desirable or even possible? How can an enterprise 
migrate and integrate these two disparate approaches 
to a common goal? These questions and more will be 
answered by Dan Holme as you take a deep dive into the 
best practices and real-world experiences of enterprises 
large and small. This session will address both the 
strategic and technical details you need to know to 
support collaboration around files in your organization. 

WIN214: Group Policy in 2009 (Part I):
The Modern Client and the Group
Policy Preferences

JEREMY MOSKOWITZ 
Vista has been out for a while. And so have the Group 
Policy Preferences. But are you making use of these 
new technologies? Not yet? Well, you're in luck. With 
an updated GPMC, the Group Policy Preference 
Extensions, an updated "engine" with Vista and 
Windows 7, it's like a Thanksgiving dinner you get to 
eat every day! So come hear the essential "What 
every admin absolutely needs to know" about
Windows Vista, Windows 7 and Group Policy. Learn 
why you need a modern management station to 
support the new GPMC. Learn how to lock out 
hardware, zap printers and keep yourself out of 
trouble with new "MLGPOs." See the 21 new big
things Microsoft has gifted every administrator. 

Even if you're not ready for Windows Vista or 
Windows 7 now, that's okay, you positively must 
come to this session to learn the ropes from Jeremy 
Moskowitz, Group Policy MVP. (Note: some material
is covered in Jeremy's pre-conference workshop.) 


WIN215: Group Policy in 2009 (Part II):
Troubleshooting

JEREMY MOSKOWITZ 
With the changes in Windows Vista and Windows 7, 
that means you might need to update your 
troubleshooting skills. Jeremy Moskowitz, Group 
Policy MVP of GPanswers.com and author of
Group Policy Fundamentals, Security, and 
Troubleshooting is just the guy to bring you the 
know-how. In this session, you'll learn why you can't 
just run gpresult.exe anymore and get the results 
you want. You'll discover what happens if you 
reconnect to network after a long absence. You'll 
learn how to crack open the new Vista and Windows 
7 event log and trace Group Policy flow to figure out 
what might be going on. You'll learn how to 
troubleshoot the new Group Policy Preference 
Extensions. You'll learn how other areas such as 
Offline Files and Group Policy Software Installation 
can be tweaked to give you just the information you 
need to fix what ails you. If you're looking for Group 
Policy answers to your troubleshooting questions, 
this is the session for you. 

WIN322: How Windows Storage Is 
Changing: Everything's Going VHD! 

MARK MINASI

Load Windows 7 or Server 2008 R2 on a system, and 
you'll notice something sorta strange: there's no 
boot record or BCD folder. Look at other Windows 7/ 
R2 systems, and you may notice something even 
stranger: there's only one file on the hard disk, and 
yet you can boot the system and run a normal 
Windows system. What's going on here? Simple: 
Windows 7 gets a lot of press for its faster-than- 
Vista performance and newer user interface, but 
there's a lot more to it, including native support of 
VHD files (that's how a one-file system boots) as 
well as a new default disk structure, support of 
direct-to-disk ISO burning, and more. Whether 
you're going to Windows 7 sometime soon or five 
years from now, you'll want to be prepared for the 
changes that Windows 7 brings to storage — and 
who better to prepare you than veteran Windows 
explainer Mark Minasi? Join Mark for this quick look 
at Windows 7/R2 storage and save yourself having 
to read a small mountain of white papers! 
WIN208: Leveraging SCVMM for Automated
Provisioning of VMs on Hyper-V

GUIDO GRILLENMEIER 
There are many ways to deploy Virtual Machines on 
Hyper-V servers directly. System Center Virtual 
Machine Manager (SCVMM) adds a few more 
methods that make it even easier to manage a 
larger Hyper-V farm and deploy VMs to it. This 
session will show the different alternatives you have 
when deploying VMs with SCVMM, but will also 
highlight the challenges you may run into when 
automating the whole process. The session will 
answer questions such as: Does cloning virtual 
machines make sense? How does SCVMM support 
this process? How do you create a template from a 
given VM? And more importantly, how do you feed 
that template with the correct input for deploying 
new VMs? How is the whole deployment process 
automated with PowerShell commands? 

WIN306: Managing Administrative Rights 
in Active Directory and on Computers 

DAN HOLME 

Users as local Administrators? Sure, you know it's a 
bad thing, but how, exactly, can you achieve it in the 
real world, where custom and sometimes poorly 
written commercial applications get in the way? And 
what about support personnel? What's the right level 
of administrative access to delegate, and how can 
you most easily manage administrative credentials 
and privilege in your enterprise? The interfaces we're 
given by Microsoft don't help, and in fact result in 
highly over-delegated (not least privilege!) rights in 
Active Directory, on servers, and on workstations. Cut 
to the chase in this practical session and take away 
best practices for securing administration, support, 
and systems in the real world. 

WIN216: Microsoft App-V: How to Keep 
Your Machines from "Blowing Up" 

JEREMY MOSKOWITZ 
Let me guess: your machines just "blow up" now
and again. And I know why. It's because you have a 
zillion applications on them with a half a zillion 
conflicts and things just "deteriorate" over time. 
Wouldn't it be neat if you could just eliminate that 
problem altogether? Well, with Microsoft's Application
Virtualization technology (App-V, formerly known
as Softgrid), you can. It works by "wrapping up"
your existing software into "sequences," and then
putting them into a virtual sandbox. The upshot? 
Your applications aren't running "on" Windows. 
They're running within the sandbox. So, no more 
desktop deterioration. App-V is a big place, but 
come to this session to make sure you know the ins 
and outs before you get it in your organization! 

WIN217: NAP Your World: How to Keep
Your Network from Catching the Flu 

JEREMY MOSKOWITZ 
Cough cough. That's the sound your network makes 
when one user doesn't "bundle up" with antivirus
software. Yep, just one user later, and you've got a 
big problem. So, how do you contain your little 
problems so they don't become BIG problems? NAP: 
Network Access Protection. The idea is that you can 
quarantine "bad" machines, and remediate them and
make them "good." While they're "bad" they get limited
access and can't hurt others. When they're "good" they 
get all the network access they need. NAP is nothing 
to sneeze at. So come by and check it out; so you 
don't catch the flu (or worse, pass it on to others.) 

WIN219: Remote Desktop Services in 
Windows 2008 R2 and What We Can Do with 
It, and Maybe, What We Can Get Rid Of 

JOHN SAVILL 

Terminal Services in previous versions of Windows 
has had issues, either with complexities for users 
just trying to do simple items like printing a 
document, complicated session environments just 
to run a single application, and VPN or firewall 
requirements to get access to a terminal server from 
outside the organization. Windows Server 2008 
addressed all of these issues with a number of new
technologies and updates to existing technologies 
including TS Easy Print enabling pass through 
printing, enabling remote sessions to take full 
advantage of locally installed printers and drivers, 
published applications for seamless application 
integration with the users desktop and TS Gateway 
for anywhere access to remote sessions and 
applications. Windows Server 2008 R2 adds on to 
these advancements for better performance using
less bandwidth, an enhanced session broker to
support VDI and overall improvements to make RDS 
virtual ready. With all these in-box capabilities, 
many organizations are evaluating the need for 
add-on remote solutions. 

WIN309: RODCs in the DMZ? Never!
Or Should I?

GUIDO GRILLENMEIER 
It is a compelling option to deploy RODCs in the DMZ 
- they help to reduce the costs of managing another 
AD forest in the DMZ and simplify overall management 
of the DMZ. This was the key reason for HP to leverage 
RODCs quite to the surprise of Microsoft at the time. 
There are even more challenges as to how RODCs work
"under the hood" that need to be understood when
deploying RODCs in the DMZ, which would be covered 
by this session. We'll also cover the benefits and 
downsides of deploying RODCs compared to traditional 
methods of authenticating users to resources in the 
DMZ - and help to clarify that RODCs in the DMZ is 
not the right solution for everyone. This session builds 
on the previous "Tales from Deployment of RODCs in
Large Enterprises" session, but will also make sense
if you could not attend the first one. 

WIN210: Running AD Domain Controllers 
on Hyper-V 

GUIDO GRILLENMEIER 
Running Active Directory Domain Controllers as Virtual 
Machines has been possible for quite a while and is 
even supported by Microsoft! This is true for Virtual 
Server 2005 and for Hyper-V. This session will not 
only discuss the technical requirements to host an 
AD Domain Controller—either a writeable one, or a 
Windows Server 2008 RODC—as a VM on a Hyper-V 
server. It will also cover the rules you have to follow 
to make this work. 

WIN203: Server Virtualization Security 

ALAN SUGANO

Over the past two years, server virtualization has 
exploded. But how secure is it? We'll examine potential 
vulnerabilities on the server virtualization platform 
and how to address them. This session will include 
best practices to secure your virtual server guests 
and hosts. We'll look at virtualization-specific security 
solutions for different virtualization platforms. Ensure 
that your virtualization ecosystem is secure by
implementing the best practices in this session. 

WIN326: The Cheapskate's Advanced 
AD Recovery 

SEAN DEUBY 

It's well known there are different ways to recover 
Active Directory—some easier than others. What's 
not so well known is that you can use some of these 
new easy techniques without the time and expense 
of upgrading your entire domain or forest. This session 
will give you step-by-step directions, customized to 
your deployment level, on how to take advantage of 
the newest and most effective AD recovery features 
with the smallest deployment of Windows Server 
2008 and R2 DCs. 

WIN311: The Real Challenges of 
Operating Hyper-V Clusters 

GUIDO GRILLENMEIER 
This is a session that does NOT compare the features of 
Hyper-V to those of ESX. It also does NOT compare the 
performance of Hyper-V to that of other 
hypervisors. We know they all have their differences, 
but Hyper-V is certainly an attractive option. This 
session concentrates on the challenges of actually 
operating a Hyper-V implementation at enterprise 
scale and how we solved them. Details covered 
include best practices for deploying Hyper-V in a 
cluster, including various little traps that you can 
avoid falling into. Similarly, System Center Virtual 
Machine Manager (SCVMM) brings along its own 
challenges when planning to leverage it in a global
Hyper-V deployment—though some things are not
only relevant for larger-scale deployments and need 
to be understood for any size of SCVMM deployment. 
This includes handling of networks in a cluster and 
deployment of multiple disk-drives per VM. The 
session is a result of production use of Hyper-V and 
not from running it in test labs. 

WIN104: Top Items Where Your Company 
can Save on IT Infrastructure 

ALAN SUGANO

During these tough economic times, you may be 
able to help save your company money by reviewing 
your company's infrastructure. From your Exchange 
configuration, backup strategy, WAN charges, spam 
filtering, virtualization, and other areas, you may be 
able to help streamline your company's IT infrastructure
without sacrificing the reliability and
performance of your network. Use suggestions from 
this session to ensure your company remains 
healthy during the economic downturn. 

WIN120: Virtualization, the Microsoft Way 

JOHN SAVILL

In this session we will look at all the technologies 
to facilitate virtualization in your organization and 
the technical and business benefits. Key 
technologies explored deal with server virtualization 
using Hyper-V (including Clustering Hyper-V), 
presentation virtualization using new Windows 
Server 2008 terminal services capabilities, 
application virtualization using Softgrid and Kidaro 
technologies. We will look at putting all these
technologies together for a Virtual
Desktop Infrastructure (VDI) and how 
solutions such as the Microsoft 
Assessment and Planning Toolkit help us 
get a grasp on the benefits virtualization 
can bring to our organizations. 

WIN223: What Server 2008 R2 
Does for Your Active Directory 

MARK MINASI 
Windows Server 2008 R2 is coming 
soon, and that means new tools for 
directory service IT pros. For the 
occasional admin, Active Directory 
Users and Computers is still around, but 
now it's got a task-oriented sibling, the 
"Administrative Center for Active Directory 
(ACAD)." What's that, you're not a GUI fan? Then
you'll smile when you learn that under the hood, 
ACAD just kicks off command-line PowerShell 
commands to get its work done, which brings us 
to Windows Server 2008 R2's premier AD 
advance—more than 85 PowerShell cmdlets. 

That might well be enough to justify an "R2" 
upgrade, but there's more: an "AD recycle bin" that 
lets you undelete things that were, um,
accidentally eliminated. A centralized, secured way 
to create and manage service accounts. ADLDS 
(what was once called ADAM) as well as AD both 
get new functional modes, and R2 supports 
"offline domain joins." For the details, don't miss 
this fast-paced, entertaining presentation from 
Mark Minasi, author of the world's best-selling 
books on Active Directory! 

WIN226: Introduction to the Cloud: 
Infrastructure, Platform, and Software 
Services 

STEVE RILEY 

WIN327: Security and Compliance 
in the Cloud 

STEVE RILEY 

WIN328: Managing Resources and 
Performance in the Cloud 

STEVE RILEY 
MICROSOFT SESSIONS - UNDER WRAPS

Microsoft techs present ten great sessions on Microsoft SharePoint 2010 with a commitment towards
arming the practical programmer with the knowledge you need to get up to speed quickly with the
SharePoint platform and tools. The specific SharePoint session titles and abstracts are under NDA until early
August 2009, but we've seen the line-up and know the agenda will help make developers and IT professionals
both excited and more productive. Visit the SharePoint Connections Web site when we reveal
the details of this great content.

HIT305: Backup and Restore for SharePoint:
Protecting Mission Critical SharePoint 
Data with New Tools and Technologies 

MICHAEL NOEL 

As more and more organizations use SharePoint to 
store documents and other critical data, it becomes 
imperative to provide for backup and restore specific 
for SharePoint. While some integrated tools exist to 
provide for disaster recovery, document-level restore 
capabilities are often needed in a SharePoint 
environment. This session covers some of those 
technologies, and focuses specifically on how the 
new Microsoft System Center Data Protection Manager 
(DPM) 2007 product can be used to provide for 
SharePoint-specific backup and item-level restore. 

In addition, specifics on how to integrate DPM with 
a Microsoft Office SharePoint Server 2007 or Windows 
SharePoint Services farm are provided and best 
practice architectural examples for DPM, snapshot 
guidelines, and deployment tips and tricks from the 
field are covered. 

HIT301: Best Practices for SharePoint 
Governance and Design 

DAN HOLME 

You've read the white papers, you've Googled 
governance, but how, exactly, do you design a 
SharePoint implementation that will support 
governance and your information architecture? 

Join SharePoint MVP and consultant Dan Holme 
for a practical, nuts-and-bolts look at the close 
relationship between your information 
architecture and SharePoint's manageability 
controls, and the demands that relationship places 
on your design and infrastructure. Learn how to 
align your governance requirements with
SharePoint farms, Web applications, and site
collections. Gain a deeper understanding of the 
intricacies and challenges of designing the logical 
structure of SharePoint, and take away practical, 
blueprint-like guidance to what a governed 
SharePoint implementation might look like in your 
enterprise. 

HIT302: Building Document Content Type 
Solutions for SharePoint 

DAVID GERHARDT 
Content types are a core concept used in Microsoft 
Office SharePoint Server 2007 and are a means to 
manage content and ease reuse within sites. This 
session leverages material from the book Building 
Content Type Solutions in SharePoint 2007 and 
examines ways to get the most out of your 
document content type solutions. 

HIT303: Building InfoPath Form Solutions 
for SharePoint 

DAVID GERHARDT 

With Microsoft Office InfoPath 2007 you can design 
a single form template to be used in SharePoint for 
rich client and browser scenarios. This session 
explores both of these scenarios and offers tips on 
how to optimize your form solutions with 
declarative logic and managed code. 

HIT309: End Excel Hell: Migrate Excel Files 
to SharePoint and Getting Started with 
Business Intelligence 

TY ANDERSON 

There is no doubt that valuable company 
information resides in a plethora of Excel files. 
Financial models, customer lists, hedge fund stock 
projects, serial numbers...you name it and it is 
probably tracked in an Excel spreadsheet
somewhere. Useful Excel files typically are shared
with other users via e-mail, file shares, or 
SharePoint. That's fine, but SharePoint is a 
Business Intelligence platform that offers a 
method for migrating (or maturing) Excel files and 
integrating them as part of a Business Intelligence 
solution. 

This session will show how to build a BI solution
that begins with a set of Excel files and ends with a
BI Dashboard that integrates data from Excel files
and other data sources.

HIT310: Implement SharePoint and 
Search for FREE! 

WENDY HENRY 
Don't let budget constraints stop you from 
implementing the collaborative solution your users 
and management demand! For no purchase cost, 
you can implement a SharePoint environment with 
cross-site and cross-platform enterprise search 
capabilities using WSSv3 and Microsoft Search 
Server 2008 Express. Join this session's live virtual 
machine demonstrations on installing and 
customizing Search Server 2008 Express in a WSSv3 
environment to witness how these two powerful 
tools from Microsoft complement each other. Come 
see that free can be valuable indeed! 

HIT202: Improving Your SharePoint 
Designer Workflows 

DAVID GERHARDT 
Microsoft Office SharePoint Designer 2007 allows 
you to write codeless workflows with conditional 
logic, but there are some limitations that come with 
this application. This session identifies some of the 
shortcomings of SharePoint Designer workflows and 
provides workarounds that will help improve your 
automated business processes. 

HIT201: Knowledge and Social Networking
in the Enterprise

DAN HOLME 

Discover why SharePoint MVP Dan Holme thinks 
"social networking" is a bad word, and why we'll all 
have to "get over" it if we want to remain 
competitive in the coming decade. This session will 
explore the extraordinary value found where human 
activities and information intersect, and how you 
can unleash that value within your organization. 

HIT101: MOSS Administration Roadmap 

MICHAEL BLUMENTHAL 
Want to be an expert MOSS Administrator in an 
hour? Too bad. The reality is that in an hour, you'll 
barely scratch the surface. Often, the product is so 
overwhelming, new administrators don't know 
where to start. This session will fix that. Think of it as 
your guide on the road to competency. Get an 
overview of the essentials, learn mistakes to avoid, 
and learn how to get the tools you need to get the 
job done. 

HIT207: Optimize SQL Server for SharePoint 

WENDY HENRY 

With so many best practices, white papers and 
technical documents out there regarding SQL Server 
administration for SharePoint, it's hard to know 
where to turn. Attend this session and we will 
quickly weed through the surplus of information 
available to focus on the top strategies for 
optimizing the performance of your SharePoint 
databases! Helpful worksheets and tracking guides 
will be illustrated for not only implementing 
optimization solutions but monitoring ongoing 
database performance in SQL Server 2005/2008 as 
your SharePoint environment grows and changes. 
Don't miss this opportunity to garner the tools you 
need to keep your SharePoint enterprise operating 
at peak performance! 

HIT204: Organize Your Intranet Right 
the First Time! 

MICHAEL BLUMENTHAL 

75% of people surveyed are dissatisfied with how
their intranet is organized. If you are one of them,
come to this session to learn a technique and process
that can dramatically improve user satisfaction with 
site organization. Learn how to make it much easier 
for site users to find the information they are looking 
for. In this session, I'll provide guidance on how to 
determine the most intuitive system for organizing 
site content (an information architecture), the benefits 
of a content taxonomy, and how you combine these 
with SharePoint structures to build out a highly usable 
and successful Intranet that boosts user productivity 
and user adoption. 

HIT306: Security for SharePoint in an 
Insecure World: Examining Methods and 
Technologies to Mitigate Threats to 
SharePoint 

MICHAEL NOEL 

The collaboration and document management capabilities
within SharePoint products and technologies
are robust and can greatly improve functionality. 

The nature of the modern workplace in many cases 
requires anytime connectivity to the SharePoint 
platform, not only from within the confines of a 
traditional office, but also on the road or in the 
home office. Many organizations are subsequently 
finding it extremely valuable to expose their 
SharePoint environment to the Internet, but are 
being faced with a myriad of security challenges to 
keep their vital organizational information from 
being hacked and exposed. This session focuses on 
outlining the risks of exposing SharePoint to the 
Internet and explaining which technologies have 
been proven to mitigate those risks. From secured 
Web publishing using Microsoft's Internet Security 
and Acceleration (ISA) Server or the Internet Access 
Gateway (IAG) product line, to rights management 
protection, to antivirus with Forefront Security for
SharePoint, this session covers a range of security 
concerns and how they can be addressed. 

HIT304: SharePoint Administration 
with STSAdm...Not. Let's Try It with 
PowerShell Instead! 

KEVIN ISRAEL 

Meet the newer kid on the block, PowerShell. Its 
only job in life is to make our lives easier. This session 
not only covers the fundamentals of PowerShell but
will demonstrate how to make just about anything
you need to do with SharePoint easier. This session 
will be geared towards developers and architects. 
Want to see STSADM on steroids? Come to this session! 

HIT311: SharePoint Data Entry on a Budget 

WENDY HENRY 

Imagine: a WSSv3 environment with no budget for 
MOSS 2007, Forms Services 2007, or InfoPath 2007 
on every desktop. Sound familiar? Then don't miss 
this session on using WSSv3 tools such as custom 
lists, custom views, and automated workflows to 
help information workers build form-like data entry 
solutions in SharePoint. MS Word forms stored in a 
document library are too easily overwritten and 
non-IT personnel require extensive training before 
they can build Data View Web Parts in SharePoint 
Designer 2007. Experts and novices alike will walk 
away from this session with the skills to implement 
a quick and easy data entry solution for any 
department, from Human Resources to Shipping/ 
Receiving, as soon as you get home! 

HIT203: SharePoint SEO Tips and Tricks 

KEVIN ISRAEL 

We will cover tips and tricks that can be accomplished 
with OOB features that SharePoint provides including 
but not limited to: custom content types, managed 
properties, scopes, and advanced search, just to 
name a few. We will also cover some best practices 
related to SharePoint search. The goal of this session 
is for you to take away a "bag of tricks" that will help 
SharePoint deliver better search results by 
implementing good "front end" strategies that will
help maximize the SharePoint Indexing and Search 
engine. 

HIT312: SharePoint's Cheap and Easy 
Aggregation Tools Save Time and Money 

WENDY HENRY 

Storing enterprise data across distributed SharePoint 
sites and other resources doesn't have to mean 
investing in an expensive utility to ease user navigation. 
Don't miss this session on using the inherent tools of 
SharePoint, both WSS and MOSS, that enhance 
navigation without causing redundant storage and 
added resource costs. Live demonstrations of Content 
Query, Site Aggregation, Site Summary Links and Links
Web Parts along with scenario-based illustrations of 
practical content type and Send To use will give even 
experienced SharePoint administrators solutions for 
improving user productivity without breaking the bank. 

HIT307: SharePoint's Virtual Reality:
Best Practice Virtualization Options for
a SharePoint Farm

MICHAEL NOEL 

Server virtualization technologies have taken front 
stage recently and many organizations have begun 
to seriously contemplate replacing physical servers, 
including SharePoint servers, with virtualization 
technologies. This session focuses on real-world 
architecture and best-practice recommendations for 
incorporating SharePoint architecture into virtualized 
environments running with either Microsoft's Virtual 
Server 2005, Microsoft's Windows 2008 Hyper-V 
Virtualization, EMC's VMware Server, and Citrix 
XenApp products. In addition, special focus is placed 
on virtualization management and provisioning 
using tools such as System Center Virtual Machine 
Manager (VMM). The session also focuses on 
outlining which specific components of SharePoint 
operate well in a virtualized environment versus 
which ones are not necessarily good candidates. In 
addition, this session gives an in-depth look at 
real-world designs for SharePoint using both major 
virtualization products and outlining the strengths 
and weaknesses of each product in relation to
SharePoint functionality and supportability.

HIT308: The Ultimate SharePoint Best 
Practices Session: Lessons Learned from 
Years of SharePoint Deployments 

MICHAEL NOEL 

SharePoint 2007 has proven to be a technology that is 
remarkably easy to get running out of the box. On the 
flipside, however, some of the advanced configuration 
options with SharePoint are notoriously difficult to 
set up and configure, and a great deal of confusion
exists regarding SharePoint best practice design, 
deployment, disaster recovery, and maintenance. 
This session covers best practices developed from years 
of SharePoint deployments, encompassing the most 
commonly asked questions regarding SharePoint 
infrastructure and design, and includes a broad range 
of critical but often overlooked items to consider 
when architecting or optimizing a new or existing 
SharePoint environment. In short, all of the specifics 
required to turn a SharePoint environment into the
"perfect" farm are outlined.

SharePoint Development 

HDV304: Automate Business Processes 
Using InfoPath Forms with Integrated 
SharePoint Designer Workflows... All 
Without Coding! 

ASIF REHMANI

Forms and Workflows are essential to business processes. 
Companies usually rely on programmers to create the
forms and workflows using code. Not any more! If
you have access to Microsoft Office InfoPath and 
Microsoft Office SharePoint Designer, you can create 
powerful data-driven form solutions on your SharePoint 
sites. InfoPath gives you the ability to pull data from 
databases and lists, and create forms with data 
validation and conditional formatting. SharePoint 
Designer's workflows let you then design powerful 
multi-step workflows centered around the form 
collected data. In this session, you will see how to 
design a robust form using InfoPath and then design 
a workflow using SharePoint Designer to route this 
form appropriately. 

HDV307: Building SharePoint Applications 
for Outlook and Exchange 

ERIC MICHEL LEGAULT 
VSTO and other third-party development tools provide 
a powerful canvas to create highly professional 
SharePoint applications that integrate with Outlook 
and/or Exchange. This session will highlight the design 
capabilities of VSTO, Add-In Express and Redemption 
for creating Outlook COM Add-Ins or Windows Service 
applications and review development strategies for 
consuming/writing SharePoint/Outlook/Exchange 
data. Outlook examples will illustrate creating custom 
Task Panes, Folder View regions and Properties dialog 
tabs for building your presentation layer on top of 
SharePoint Web services. Server-side examples include 
building solutions to work with Outlook/Exchange data 
without requiring Outlook or Exchange to be installed. 

HDV311: Building Information Policy
Features in SharePoint Server 2007 

JOHN HOLLIDAY 
SharePoint Information Policy lets you define 
explicit rules that govern the creation, use and 
disposition of list items, and is implemented as a 
tightly-coupled collection of components that 
together provide an extensible framework for 
managing enterprise content. This session explains 
the information management policy architecture in 
detail and steps through the process of designing 
and building custom policy features and policy 
resources. An end-to-end solution is presented that 
illustrates how information policy definitions can 
be extended to work in tandem with code running 
in Office client applications. 

HDV309: Build Better Records Management 
Solutions Using Dynamic File Plans 

JOHN HOLLIDAY 

At the heart of any records management system is 
the File Plan, which describes where each type of 
record should be stored, how long it should be kept 
and the manner and conditions under which it will 
be archived or destroyed. Professional records 
managers and compliance officers are accustomed 
to creating file planning worksheets and then using 
them to manually configure records center sites in 
SharePoint. This session will go beyond the manual 
model offered by static file plans toward a more
automated approach, where dynamic file plans are 
used to drive the process of adding the required 
elements into a records repository. An automated 
approach fits well with the day-to-day operations 
of a typical records center by enabling compliance 
officers and content managers to deal more 
effectively with constantly changing requirements
and regulations. During the session, I will create a 
SharePoint feature that adds a FilePlan gallery to a 
record center site that holds a collection of dynamic 
File Plan documents represented as XML files created
using InfoPath 2007. The feature will also deploy a 
custom application page that enables a plan 
administrator to "execute" the file plan, automatically 
creating all of the necessary routing types and other 
components needed to manage the documents 
described in the plan. 


HDV310: Building Custom Routers for 
SharePoint Records Management 

JOHN HOLLIDAY 
This session discusses developer aspects of 
Microsoft Office SharePoint Server 2007. Custom 
routers are an important extensibility point for 
records management and this session details the 
requirements for building these components. It 
provides a demo of building several different 
routers and deploying them into a SharePoint 
Server environment. During the session, I will 
create three different types of custom routers and 
use a custom SharePoint feature to deploy them. 

I'll create a filtering router to screen incoming 
records, a tracking router to monitor incoming 
records, and a redirecting router that determines 
the proper location for incoming records based on 
document properties and other metadata 
associated with the submitted file. In the process, I 
will highlight core features of the SharePoint 
record routing architecture, including the management
of document properties, audit entries and
content types. 

HDV315: Client-Side Programming in 
SharePoint Server 2010 

SCOT HILLIER 

SharePoint 2010 abstracts are under NDA until 
mid-August. Check the Web site for the updated 
abstract. 

HDV316: Creating RESTful Web Services 
for SharePoint 

SCOT HILLIER 

Windows Communication Foundation (WCF) supports
REST style services, which is an architecture for building
resource-oriented services using standard HTTP verbs
(GET, POST, PUT, and DELETE) that can be located
through a URL. In this session, we will learn to create
RESTful Web services for SharePoint that access list
items. The session will start with a brief overview of
REST and how it is implemented in WCF services.
Next, the session will present the steps necessary to 
create a RESTful Web service that accesses list items 
in SharePoint. Finally, the session will go through 
the steps necessary to deploy a RESTful WCF service 
into Office SharePoint Server. 


HDV306: Report on Data from SharePoint 
Lists, Libraries and SQL Databases Using 
Data Views in SharePoint Designer 

ASIF REHMANI 

The SharePoint Designer Data View Web part is 
known as the "Swiss Army Knife" of all Web parts. 
Data View, which is only available through 
SharePoint Designer, can pull data from a variety of 
data sources including SharePoint lists and 
libraries, SQL databases, Web services, RSS feeds 
and more. This data can then be presented on any 
SharePoint page. The formatting of this data can 
also be manipulated to present a rich view of this 
data. In this session, you will see how easy it is to 
present unified views of data that are being 
fetched from a variety of data sources. 

HDV308: Enhancing Connected 
SharePoint Lists in Outlook 2007 

ERIC MICHEL LEGAULT 
It's really easy to link an Events, Contacts or Tasks 
list in WSS to Outlook 2007. But what if you had 
custom list fields or list views? These elements are 
not supported! But by using Visual Studio Tools for 
Office to build an Outlook COM Add-In consuming 
SharePoint Web services, you can easily design a 
custom Form Region to display these custom fields
and provide options for importing list views into 
the linked Outlook folder. 

HDV312: Office Document Assembly Made 
Easy with OpenXML and XSLT 

JOHN HOLLIDAY 

The beauty of the OpenXML format is its ability 
to support multiple markup dialects like 
WordProcessingML, SpreadsheetML and 
PresentationML while still providing a consistent 
and reliable packaging structure. But this power 
often comes at the expense of application 
developers who need to produce complex 
documents in all three formats without spending 
inordinate amounts of time developing custom 
code for each one. XSL transformations (XSLT)
offer a convenient mechanism for solution
developers to avoid writing procedural code to 
generate content from data retrieved from 
SharePoint lists or other data sources. 

HDV301: Enterprise Content
Management in SharePoint Server 2010 

ANDREW CONNELL 
SharePoint 2010 abstracts are under NDA until 
mid-August. Check the Web site for the updated 
abstract. 

HDV313: SharePoint and JQuery 
Sitting in a Tree... 

KEVIN ISRAEL 

So you want to really make people happy with 
SharePoint UI treats combined with business
objectives? Well let's mix in some JQuery and make 
them very happy. How do you do that you ask? Well 
come to this session and find out! We will cover 
configuring JQuery with SharePoint, review JQuery 
syntax, and show you how to start combining the 
power of JQuery with SharePoint. 

HDV314: PowerShell for MOSS Developers 
and Administrators 

MICHAEL BLUMENTHAL 
PowerShell, the ultimate in command shells for 
Windows, exposes all the richness of .NET right at
the command line! Learn how to use this powerful
tool for a variety of MOSS configuration, administration,
and customization needs. See how easy it is
to work with the SharePoint object model without 
having to dive into Visual Studio! 

HDV317: External Data Access and 
SharePoint Server 2010 

SCOT HILLIER 

SharePoint 2010 abstracts are under NDA until 
mid-August. Check the Web site for the updated 
abstract. 

HDV305: Manage Your Business Data in 
Your Databases Using Data View Web 
Part... No Code Needed! 

ASIF REHMANI

Managing content in the enterprise is one of the 
most crucial needs of a business. Until now, if you 
wanted to edit your data in the database through 
a web front end, it usually meant developing a 
solution using some sort of programming 
language. Things have changed! Now if you are a 
power user who has access to Microsoft Office
SharePoint Designer 2007, you can tap into your
data by implementing the Data View Web part. 
Using this functionality, you can tap into any of 
your backend databases and manage your data. 
This session will focus on how a knowledge worker 
can be empowered to create data management 
solutions using the Data View Web part. 

HDV302: SharePoint 2010 and Services 

ANDREW CONNELL 
SharePoint 2010 abstracts are under NDA until 
mid-August. Check the Web site for the updated 
abstract. 

HDV303: SharePoint 2010 Developer 
Overview 

ANDREW CONNELL 
SharePoint 2010 abstracts are under NDA until 
mid-August. Check the Web site for the updated 
abstract. 

HDV101: Social Networking and 
Collaboration in Outlook and SharePoint 

ERIC MICHEL LEGAULT 

This session will discuss and highlight the 
growing convergence of applications and 
development tools within Microsoft's 
collaborative software offerings that 
focus on Social Networking. Elements 
such as the SharePoint Server Colleague 
Import Add-In for Outlook and MOSS APIs 
for working with User Profiles provide the 
foundation for linking this data within 
Outlook. New development features in 
Outlook 2010 will allow custom solutions 
which leverage SharePoint collaboration 
to be brought to a higher level. Other 
software coming from Microsoft will 
provide an even greater framework for 
creating full-featured social networking 
applications that can leverage the entire 
breadth of Microsoft's collaboration suite. 

EMS01: Lap around Release 2

EMS02: Introduction to
Microsoft Exchange Server 2010

EMS03: Microsoft Exchange
Server 2007 SP1 and Microsoft
Hyper-V: Dos and Don'ts

EMS04: Migration to Microsoft
and Non-Microsoft Platforms

EMS05: Microsoft Exchange
Server 2010 Architecture

EMS06: Storage in Microsoft
MICROSOFT

EMS07: Windows Essential Business 
Server 2008: Technologies to Drive 
Cost Out of Midsize Business 

EXC01: Accessing Exchange in the Cloud—
What You Need to Know 

KIERAN MCCORRY 

This session, covering both Exchange 2007 and Exchange 
2010, outlines some of the best practices and inside 
information about truly accessing Exchange service 
in the cloud, highlighting the stress points in your 
infrastructure and where particular focus needs to 
be brought to bear. The session also outlines details 
of the Federation aspects of Exchange 2010. 

EXC02: Amaze Your Friends and Users with 
Global Address List Tips and Tricks 

JIM MCBEE 

For most organizations with Exchange, the Global 
Address List (GAL) becomes your company's corporate 
phone directory. Most Exchange administrators don't 
realize that you can further customize the GAL and do 
some very simple things that will make this resource even 
more valuable for your users. This intermediate session 
takes a look at some things you can do to customize 
the GAL including creating address lists, customizing 
details templates, defining "resource" objects, and
creating a naming standard that helps with sorting. 

EXC03: CAS 2010—More Food for Thought 

KEVIN LAAHS 

The CAS role plays an even bigger role in your Exchange 
2010 environments than it does in Exchange 2007. 
Whilst it still supports the likes of OWA, ActiveSync,
Web services and Outlook Anywhere, there are some 
fundamental architectural changes afoot that will 
change the way you architect your Exchange 
environments. In this session, we take a look at the 
major new functions that the CAS supports such as 
the Exchange Control Panel and Mapi-On-The-Middle 
Tier as well as all the exciting end user features that 
are delivered by the likes of OWA (even to Firefox 
and Safari browsers). 

EXC04: Designing Highly Available Solutions 

MICHAEL B. SMITH 

Shared disk is not the only answer to high availability 
in a Windows Server environment. In this session, 
we will cover the various options available for HA in 
Exchange Server and the process involved in getting 
from a non-HA solution to a HA solution. 


EXC05: E-mail Message Security Revisited 

JIM MCBEE 

The anonymous nature of SMTP makes Internet 
mail inherently insecure and should make every
message you receive subject to scrutiny. While 
e-mail is frequently cited as one of the most 
valuable business tools available today, it also 
remains an easy avenue for hackers, identity theft, 
and information loss. This session will review some 
technologies that are available today to help 
improve the security of e-mail that you send and 
receive as well as possibly helping you to ensure 
that the e-mail you send or receive is authentic. In 
this session, we will cover topics such as sender 
protection framework (SPF), S/MIME, and digital 
rights management and how these technologies 
may be similar or different. 

EXC07: Exchange 2010 and Virtualization 

DONALD LIVENGOOD 
Running Exchange roles on virtual machines (VM) 
is nothing new and it has been done for many years 
prior to Microsoft specifically supporting it. With 
Microsoft's official support for most Exchange roles 
on a VM, the introduction of Hyper-V, and the new 
version of Exchange 2010, interest in a VM
deployment is at its peak. This session will cover 
some of the best practices in deploying Exchange 
2010 on a Hyper-V platform, compare and contrast 
the HA capabilities of Hyper-V & Exchange, and 
provide general guidelines for moving forward with 
an Exchange 2010 deployment on a Hyper-V 
platform. 

EXC08: Exchange 2010 Deployment and 
Migration Best Practices 

KIERAN MCCORRY 
Exchange 2010 is yet another version of Exchange. 
Its architecture and topology are similar to those
introduced with Exchange 2007, but there are some
important changes and restrictions on interoperability
that any organization in the early stages of
planning a move to Exchange 2010 should be aware 
of. This session will give an overview of the best 
practices for Exchange 2010 deployment and focus 
on the interoperability and migration aspects from 
previous versions of Exchange. 

EXC09: Exchange 2010 HA and Database
Availability Groups 

DONALD LIVENGOOD 
High Availability (HA) in Exchange 2010 is more 
powerful, yet less complex than in previous 
versions of the product. By extending the HA 
capabilities present in Exchange 2007, Exchange 
2010 provides a common framework for both HA 
and Disaster Recovery (DR). At the same time, 
features such as Single Copy Clusters have been 
removed, but then, so have previous limitations 
such as multi-server roles co-existing on servers 
providing HA. Many new concepts have been 
introduced such as the Database Availability 
Group, and even tried-and-true operations such as 
backups have evolved. This presentation will focus 
on the HA & DR features in Exchange 2010 and 
discuss the impact and changes these bring to 
deployment scenarios. 

EXC10: Exchange 2010 Information 
Protection and Retention 

KIERAN MCCORRY 
Exchange 2010 brings with it the most 
comprehensive set of Exchange features yet from 
Microsoft to help you safeguard and protect your 
data and where it goes in your Exchange 
organization. This new version has sophisticated 
rules for controlling information flows within the 
organization and taking actions when certain 
events occur. In addition, Exchange 2010 has a 
completely revamped model for information 
retention and archiving by means of the Online 
Archive. This session will describe those new 
features and explain what it means for you as a 
system administrator and your users as 
information workers. 

EXC11: Exchange 2010 Overview 

DONALD LIVENGOOD 
Exchange 2010 is the newest version of Microsoft's 
Messaging system and, naturally, it brings with it 
quite a lot of new features, functions, and 
capabilities. This session will provide a high-level 
overview of those features and functions and will 
conclude with some questions to consider before 
moving forward with Exchange 2010. 


EXC06: Exchange 2010 — Better with What? 

KEVIN LAAHS 

The "Wave 12" set of products (Office, OCS, 
SharePoint and Exchange 2007) had some pretty 
neat integration points such as being able to browse 
SharePoint libraries from OWA, take SharePoint lists 
offline through Outlook, and consume free/busy 
information in Communicator. Are all these 
integration points still available? What new 
opportunities exist when Exchange 2010 hits the 
streets and how will other forthcoming products 
likely leverage the Exchange 2010 platform? 

EXC12: Exchange Server 2007 
Management Shell Mini-Cookbook 

WILLIAM LEFKOVICS 
This session will look at a series of solutions for 
common Exchange issues using the EMS. You'll learn 
about such tasks as creating and testing Edge Server 
synchronizations, configuring OWA with the 
swiss-army-knife cmdlet Set-OWAConnectivity, 
managing databases and storage groups, and 
configuring users and distribution groups. Finally, 
we'll look at recipes for transport rules and 
anti-spam configuration. 

EXC13: Exchange Server: 

Your Top Questions Answered 

JIM MCBEE 

If you follow the Internet newsgroups or Web 
forums, you will begin to see a common thread 
amongst many of the questions. Administrators are 
frequently asking what are the best practices for 
running their Exchange Servers? What are the best 
tips and tricks for keeping Exchange Server running 
optimally? What should you be doing on a daily 
basis? Topics covered in this rapid-fire session will 
include Exchange security, MIME versus Rights 
Management (RMS), who should be worried about 
archiving and retention, performance optimization, 
spam fighting techniques, mobile device security, 
and more. 

EXC14: Extending Exchange 2010 

KEVIN LAAHS 

What options exist to extend the feature set that 
Exchange 2010 offers? In this session, we take a look 
at how you can build your own management 
utilities through PowerShell, how you can extend 
the SMTP transport engine and how you can 
leverage Exchange Web services to communicate 
with Exchange-based data in your own applications. 

EXC15: Introduction to Developing with 
Exchange Web Services 

WILLIAM LEFKOVICS 
Exchange 2007 replaced several deprecated 
developer APIs to consolidate under the umbrella of 
Exchange Web Services. Exchange 2010 expands on 
that commitment, including an Exchange Web 
Services Managed API. We will take a high level 
view of what is possible with EWS including 
reporting, mailbox intelligence, and even creating 
your own e-mail client. 

EXC16: Migrating from Exchange 2003 

MICHAEL B. SMITH 
Exchange 2003 was a rock-solid implementation of 
Exchange Server. The day comes though, when it's 
time to move to a more current release of Exchange. 
In this session, we'll discuss the migration process 
from a design and deployment perspective with an 
emphasis on real-world concerns and problems that 
you may run into. 

EXC17: Migrating to Exchange 
High-Availability Solutions 

MICHAEL B. SMITH 
Replication is not the only way to have high 
availability in an Exchange environment. In this 
session, we will cover the various options available 
for HA in Exchange Server and the process involved 
in getting from a non-HA solution to a HA solution. 

EXC18: My Exchange 2007 Server Crashed! 
Now What Do I Do? 

WILLIAM LEFKOVICS 
It has been rumored that Exchange Server can fail, 
especially when the hardware beneath it fails and 
no high-availability solutions are deployed. What do 
you do when this happens? We will look at basic 
disaster recovery using the Recovery Storage group 
and a dial tone restore to get users back online as 
fast as possible. We will look at the impact of Cached 
Exchange Mode as well. We will try to create a 
formal checklist for those SMBs who depend on 
their single server deployments. 

EXC19: No SCOM? No MOM? 

You Still Have a PAL 

WILLIAM LEFKOVICS 
Not every company can or wants to deploy SCOM 
(formerly MOM) to manage and monitor their server 
deployments. Windows comes with a basic tool 
called, or at least known as, Performance Monitor. 
Exchange 2007 Server adds a plethora of perfmon 
counters for each role. PAL, Microsoft's free 
Performance Analyzer tool, will help you create 
charts (in HTML—managers love charts) for 
management and monitoring from perfmon logs of 
key Exchange counters. We will walk through the 
requirements (Office Web components, Log Parser, 
Codeplex) and configuration (XML config files) to 
produce a simple monitoring solution. 

EXC20: The Microsoft UC Voice Story 

LEE MACKEY 

Now that Microsoft has entered the voice world, 
how does a Microsoft administrator begin on their 
UC journey? What are the questions that you need to 
know, and how do you successfully win over the 
telephony and security groups? What are the 
questions to ask to have a successful deployment for 
Voice, and how do you tie Microsoft UC into all of 
the Voice pieces you may or may not have in your 
company? This session will get you started on that 
UC Voice journey and get you armed with the right 
questions for success. 


EXC26: The Exchange Server Store 
Demystified, Part 1 

PETER O'DOWD 

So just how does the Exchange Store work? 
Understanding this is critical to improve your 
chances of recovery from a disaster. Find out 
how, with topics including: Log files and 
database signatures; correct use of eseutil; 
checkpoint depth; missing log files; why have 
storage groups, why aren't they in Exchange 
2010? What is in the header of a database, why 
do I care? Peter has travelled the globe teaching 
both inside and outside of Microsoft on this 
topic. If you want to understand the store then 
this is your session. 


EXC21: The OCS R2 Story 

LEE MACKEY 

As Microsoft releases OCS R2 and Exchange 2010, 
how do these products work better together and 
how do you implement them to save money and do 
more with less? Most of the time, the requirement 
to do more with less is one of the most difficult 
challenges we face as admins. So how do you convince 
management to move forward on a UC journey and 
what types of things can you do to make 
improvements on day to day business? How do you 
extend applications with UC and shorten the 
sales cycle, shorten decision times, and 
improve business processes? This session will 
cover why UC is important to you and your 
company, and the types of conversations you 
want to have with management in order to 
save money and do more with less. 

EXC22: The OCS R2 UC Device Story 

LEE MACKEY 

This session will cover all of the UC devices from 
Microsoft, Jabra, Polycom, LG Nortel, and others 
that are used today for OCS and Exchange. The 
session will go over the different scenarios where 
they are best deployed, as well as walking through 
configurations for users. It's critical to understand 
how UC devices can help you as an administrator in a 
UC deployment as well as save money and win over 
end users. Why buy a desk phone when you don't 
need one? We'll also be covering new devices from a 
number of new vendors as well as showing demos of 
the hardware in action. This will help you as a 
Microsoft OCS Admin to determine how to size and 
select the devices your different end users will need. 

EXC23: VSS and the Exchange Administrator 

MICHAEL B. SMITH 
VSS is the mechanism used by Exchange 2007 and 
above for taking backups (and is supported by 
Exchange 2003). In this session we will take a deep 
dive into the details of VSS and how it works with 
Exchange. The Exchange administrator will also 
learn how to use VSS snapshots and backups as 
Recovery Storage Group targets. 

EXC24: Zen and the Art of Exchange 
Performance Monitoring 

JIM MCBEE 

One of the most powerful tools in the Exchange 
administrator's arsenal is the Windows Performance 
console. The Performance console includes the 
System Monitor tool and the Performance Logs and 
Alerts tool. These allow you to either view in 
real-time or record performance activity on a 
Windows server. However, even if you limit your 
scope to just counters installed for Exchange Server, 
there are literally thousands of these counters. This 
session will explore the most useful of these 
counters and look at acceptable maximum or 
minimum values. We will also cover best practices 
when monitoring Windows and Exchange server as 
well as topics such as understanding how to monitor 
disk subsystems and disk I/Os per second (IOPS). 

EXC26: The Exchange Server Store 
Demystified, Part 2 

PETER O'DOWD 

This is a continuation on from the first session. 
Now that we understand the pieces of what 
makes up a store, let's look at how Exchange 
Server 2003, Exchange Server 2007, and Exchange 
Server 20 re schema, backups and other store 
technologies. Peter has travelled the globe 
teaching both inside and outside of Microsoft on 
this topic. If you want to understand the store 
then this is your session. 
Pre-Conference Workshop • WINDOWS 

WPR301: Group Policy Essentials, 
Security, and Best Practices (9AM - 12PM) 

JEREMY MOSKOWITZ 

Additional Fee: $199 

Group Policy is the most efficient way to manage 
desktops in a Windows environment. If you are still 
running to machines to install and configure desktops, 
you are not taking full advantage of the power of Group 
Policy. In this practical workshop, Jeremy Moskowitz will 
help you gain control of your XP, Vista and Windows 7 
environment and get your life back. This is the perfect 
workshop to take before doing "deep dives" into the 
main sessions of the conference. You'll get a little bit of 
everything: essentials, configuration, control, and 
security! We'll warm up with some Group Policy basics. 
Then, you'll learn how to get your XP, Vista and Windows 
7 client machines humming with some new life. Jeremy 
will show you how to manage your environment with 
GPOs. You'll get some "solid base hits" to ensure you can 
go back to work with some good ideas you can 
immediately put to use. For instance, learn how to zap 
printers down to your computers, and remotely deploy 
software to your users' desktops, and learn how to use 
Group Policy to secure collections of machines. You'll 
also get an overview of the Group Policy 
Preferences—21 tools to help get you out of login-script 
hell. We'll examine how Group Policy can do the heavy 
lifting to the jobs you want to do! This session has XP, 
Vista and Windows 7 content. (NOTE: Some material is 
repeated in Jeremy's regular sessions as reinforcement.) 

WPR302: Implementing Server Virtualization 
in Your Company (1PM - 4PM) 

ALAN SUGANO 

Additional Fee: $199 

This workshop will give you the information to formulate 
a virtualization strategy for your company. It will cover 
the basics of virtualization including server hardware 
configuration, virtualization software, and tips to identify 
physical servers that are good virtual server candidates. 
We'll examine migration strategies from the physical to 
the virtual world, backup strategies for your virtual server 
hosts and guests, high availability solutions using 
Microsoft Clustering and Virtual Server 2005/Hyper-V 
and ESX Server with High Availability, virtualizing Server 
2008 and tips for incorporating virtualization into your 
disaster recovery plan. There is a definite learning curve 
with virtualization. Learn where the potential pitfalls 
are and how to avoid them when implementing this new 
technology. When properly implemented, virtualization 
has the potential to save on hardware costs, simplify 
server management, ease bare metal restores and 
provide high availability for your server infrastructure. 

HPR303: SharePoint Jump Start: 
Reimagining Collaboration (9AM - 4PM) 

DAN HOLME 

Additional Fee: $399 

If you are new to SharePoint, or are trying to wrap your 
head around the massive potential of this powerful 
platform, you'll be the hero of your enterprise when you 
bring back the solutions you discover in this fast-paced, 
full-day preconference workshop. Dan Holme, a Microsoft 
MVP for SharePoint, will dive deep into the configuration, 
customization, and management of SharePoint 
collaboration. You'll learn to build SharePoint solutions 
that address common enterprise challenges, and you'll be 
amazed just how much you can do with Windows 
SharePoint Services (WSS) without having to pay for 
Microsoft Office SharePoint Server (MOSS). Topics include: 

• SharePoint Administration Jump-Start: What you need 
to know to administer SharePoint effectively, in 90 
minutes or less. 

• How to use SharePoint document libraries as a 
replacement for traditional file shares. 

• Driving effective collaboration and end-user 
adoption with Microsoft Office 2007 applications as 
SharePoint clients. 

• How to build "Business Intelligence Lite", no-code, 
and low-code SharePoint solutions using Office 2007 
and SharePoint Designer. 

HPR301: SharePoint BI - Building 
Dazzling Dashboards and Sizzling 
Scorecards in SharePoint (9AM - 4PM) 

KEVIN ISRAEL AND JESSICA MOSS 

Additional Fee: $399 

Data everywhere and not a dashboard to be found! This 
workshop gives you the lowdown, hands-on approach 
to building those amazing SharePoint dashboards and 
scorecards that we have been hearing about. This 
session covers how to get to and aggregate that data, 
then utilize BI tools such as PerformancePoint to build 
intelligent dashboards on top of it. 

EPR301: Building Your Own User 
Provisioning System (BRING YOUR OWN 
LAPTOP) (9AM-4PM) 

MICHAEL B. SMITH 

Additional Fee: $399 

Prior to the release of PowerShell, going through the 
various machinations required to provision and modify 
users drove many organizations to purchase third-party 
solutions or stick with the tried-and-true Active 
Directory Users and Computers. 

In this workshop, we will design and implement a 
GUI-based provisioning tool built in PowerShell. The user 
will also receive a short but intense introduction to the 
Windows GUI processing paradigm and investigate a 
couple of GUI tools that are available for PowerShell. 

Bring your own laptop and take home your own working 
code. A basic knowledge of PowerShell is required! 


NOVEMBER 13, 2009 


Post-Conference Workshop • WINDOWS 

EPS301: Exchange 2010, a Unified 
Communications Odyssey 
(9:00AM-4:00PM) 

WADEWARE - PETER O'DOWD, LEE BENJAMIN 

Additional Fee: $449 

Take this one-day journey through Microsoft Exchange 
Server 2010 and experience its new and improved 
features. Let the MVP team of Peter O'Dowd and Lee 
Benjamin lead you through hands-on-labs, including: 

• Archiving —yes, now available out of the box. 

• Mailtips —find out if your recipient isn't available 
before sending the message. 

• Exchange Control Panel —Where users can 
manage their directory data and groups. 

• Role Based Access Control —Allows different types 
of users to search for different types of content across 
the organization. 

• Information Leakage and Protection —Transport 
rules and Rights Management Server unite. 

• Database Availability Groups —The new HA. No 
longer does a database need be associated with a 
single server. 

• Unified Messaging —Try the new voice to text 
translation, dial plans, and more... 
This instructor-led hands-on-lab experience will get 
you deep into Exchange and guide you through these 
features, showing you how they are configured and 
how they can be used to improve your organization's 
Unified Communications platform. 

WPS301: The Desktop Is Disappearing: 
Reimagining Cost, Deployment, Security 
and Support (9AM-4PM) 

DAN HOLME 

Additional Fee: $399 

The desktop is an endangered species. In this age of 
remote desktop, thin clients, laptops, mobility, and 
desktop and application virtualization, your enterprise 
must re-imagine how you architect and deliver the 
end user experience. This session aims at an 
"appliance" approach to desktops, so that the "image" 
applications, data and settings are managed so that 
users and budgets are liberated from the constraints of 
the "one user, one PC" model of the past. Unfortunately, 
the number of moving parts makes this a 
complicated endeavor. Dive deep into a discussion of 
the requirements, the solutions, and the best practices 
that you can apply to automate, provision, secure, and 
support the transition to a world where the desktop is 
a toaster, and perhaps a virtual toaster at that! This 
session will cover: 

• Deployment Blast Through: A rapid-fire, practical 
guide to automating deployment with the Microsoft 
Deployment Toolkit and Windows Deployment Services. 

• Provisioning Applications and Configuration: 
Workflows, tricks, and tools to provision applications 
to users effectively, whether you use SCCM, another 
management tool, or the "do it yourself" application 
management tools you'll learn to build. 


• Data Anywhere: A deep dive into the complexities 
of providing users consistent and reliable access to 
their data and settings regardless of whether they 
are on a connected, disconnected, or virtual device. 

• Support and Administration: Tricks and scripts for 
improving and provisioning secure, automated, and 
responsive support for the end user experience. 

• The Business Side of Deployment and Support: 
Guidance towards the business-level efforts required to 
transition to the locked down, mobile, and virtual world. 

HPS301: Developers Deep Dive to 
SharePoint Server 2010 (9AM-4PM) 

ANDREW CONNELL 

Additional Fee: $399 

SharePoint 2010 abstracts are under NDA until 
mid-August. Check the Web site for the updated abstract. 


A unique opportunity to get your technology and training 
from Microsoft and industry experts! 
HOTEL INFORMATION 


November 9-12, 2009 

Las Vegas, Nevada 

Mandalay Bay Resort and Casino 


HOTEL ACCOMMODATIONS 

Mandalay Bay Resort and Casino, 3950 Las Vegas Blvd. South 
Las Vegas, Nevada, is the conference site and host hotel. SPACE 
IS LIMITED so reserve your room early by calling the conference 
hotline at 800/505-1201 or 203/268-3204. 

Reserve your room early to take 
advantage of great hotel discounts! 



AIRLINE 

Please call Pericas Travel at 203/562-6668 for 
airline reservations. 

CAR RENTAL 

Hertz is offering auto rental discounts to attendees. Call the 
Hertz Meeting Desk at 800/654-2240 for reservations and refer 
to code CV#010R0039 (Hertz) under Connections Vegas to 
receive your attendee discount. 

ATTIRE 

The recommended dress for the conference is casual and 
comfortable. Please bring along a sweater or jacket, as the 
ballrooms can get cool with the hotel's air conditioning. 

TAX DEDUCTION 

Your attendance to a WinConnections conference may be 
tax deductible. Visit www.irs.ustreas.gov. Look for topic 
513 - Educational Expenses. You may be able to deduct the 
conference fee if you undertake to (1) maintain or improve 
skills required in your present job; (2) fulfill an employment 
condition mandated by your employer to keep your salary, 
status, or job. 

SPONSORSHIP/EXHIBIT 

INFORMATION 

For sponsorship information, contact: Rod Dunlap 

Phone: 480-917-3527 

e-mail: rod@devconnections.com 

See Web site for more details. www.WinConnections.com 


GROUP DISCOUNT 

Register individuals from one 
company at the same time and 
receive a group discount. 

Call 800/505-1201 to take 
advantage of group discount pricing 

SHOW DISCOUNT 

Book 3 nights by September 1st at Mandalay Bay and receive a 
$100 Mandalay Bay certificate. Book NOW to get a special rate of $149 
(a limited number of rooms at this rate so reserve today). 

NOTES & POLICIES 

The Conference Producers reserve the right to cancel the conference by refunding the registration fee. Producers can 
substitute speakers and topics and cancel sessions without notice or obligation. Updates will be posted on our Web 
site at www.WinConnections.com. Tape recording, photography is not allowed at any session. Conference producers 
will be taking candid pictures of events and reserve the right to reproduce. By attending this conference you 
agree to this policy. You may transfer this registration to a colleague by notifying us before the start of the event. 
Please inform us if you have any special needs or dietary restrictions when you register. 

The conference registration includes the following subscriptions. This is not an additional expense and subtraction 
from prices listed is not permissible. Windows and Exchange Connections conference registration includes 
a one year (12 issues) print subscription to Windows IT Pro magazine for Windows and Exchange Connections 
conference attendees only. Current subscribers will have an additional 12-months added to their subscription. 
Subscriptions outside of the United States and Canada will be served in digital; $12.50 of the funds will be 
allocated toward a subscription to Windows IT Pro magazine ($49.95 value). 

Registration & Cancellation Policy: Registrations are not confirmed until payment is received. Cancellations before 
September 29th, 2009 must be received in writing and will be refunded minus a $100 processing fee. After 
September 29th, 2009 cancellations and no shows are liable for full registration, it can be transferred to the next 
WinConnections Conference within 12 months or to another person. Microsoft, Microsoft .NET, ASP.NET, Visual Studio .NET, 
C#, Microsoft SQL Server, MSDN, Exchange and Windows are either trademarks or registered trademarks of 
Microsoft Corporation. All other trademarks are property of their owners. 


1-3 registrants 

$1,595 per person 

Additional registrants 
after the 3rd 

(4th, 5th, 6th...) 

$1,395 per person 

($200 off each) 
Priority code 

Company 
Street Address (Required to ship materials) 

City, State, Postal Code 


Country 

Telephone 

Fax 

E-mail Address (important) 


ONLINE 

www.WinConnections.com 

E-MAIL 

info@devconnections.com 

PHONE 

800/505-1201 *203/268-3204 

FAX 

203/261-3884 

MAIL 

Microsoft Exchange Connections 2009 
SharePoint Connections 2009 
Windows Connections 2009 
c/o Tech Conferences, Inc. 

731 Main Street, Suite C-3 
Monroe, CT 06468 


WINCONNECTIONS CONFERENCES For which conference are you registering? 

PRICE 

SUBTOTAL 

on or before September 1, 2009 

$1495.00 


after September 1, 2009 

$1595.00 


For which conference are you registering? 


PRE-CONFERENCE WORKSHOPS | Monday, Nov. 9, 2009 | Lunch is included with full day workshops 

9:00am- 12:00pm 

Group Policy Essentials, Security, and Best Practices —Moskowitz 

$199.00 


1:00pm-4:00pm 

Implementing Server Virtualization in Your Company —Sugano 

$199.00 


9:00am-4:00pm 

SharePoint Jump Start: Reimagining Collaboration —Holme 

$399.00 


9:00am-4:00pm 

SharePoint BI - Building Dazzling Dashboards and Sizzling Scorecards in SharePoint —Israel/Moss 

$399.00 


9:00am-4:00pm 

Building Your Own User Provisioning System in PowerShell (BRING YOUR OWN LAPTOP) —Smith 

$399.00 


POST-CONFERENCE WORKSHOPS | Friday, Nov. 13, 2009 | Lunch is included with full day workshops 

9:00am-4:00pm 

The Desktop Is Disappearing: Reimagining Cost, Deployment, Security and Support —Holme 

$399.00 


9:00am-4:00pm 

Developers Deep Dive to SharePoint Server 2010 —Connell 

$399.00 


9:00am-4:00pm 

Exchange 2010, a Unified Communications Odyssey —O'Dowd/Benjamin 

$449.00 


CONFERENCE MATERIALS 

FULL CONFERENCE REGISTRATION INCLUDES MATERIALS FOR THE CONFERENCE FOR WHICH YOU REGISTER; YOU MAY PURCHASE MATERIALS FOR THE OTHER CONCURRENTLY RUN EVENTS. 

Windows Connections CD 

$75.00 


SharePoint Connections CD 
Microsoft Exchange Connections CD 

$75.00 
SCCM 2007 



This group/step will run if the following conditions are met: 
Task Sequence Variable SMSTSClientCache not exists 


Figure 4: Preventing disk formatting 
Figure 5: Clearing the PXE advertisement 


Package," at technet.microsoft.com/en-us/library/bb632831.aspx.) 

1. Navigate to Site Database, Computer 
Management, Operating System Deployment, 
Task Sequences. 

2. Select Install an existing image 
package. 

3. Enter a name for the task sequence 
and select the option Boot image matching 
OS deploy type. (Alternatively, you can 
select the x86 option, which covers both 
x86 and x64 architectures.) 

4. Specify the OS image, partitioning, 
product key, licensing, and administrator 
password action, as Figure 3 shows. 

5. Continue through the options for 
configuring the workgroup and domain to 
join. 

6. Under Install ConfigMgr, select the 
package you created for the SCCM client. 
Click through the rest of the screens. 

Note that you can configure patch and 
application deployments and can later 
change these settings through Task 
Sequences. 

By default, the disk formatting portion 
of the OS deployment is quite slow. To 
improve the speed, you can change the 
disk partition to the format and partition 
option, which has a fast format option. Add 
the rule to prevent formatting of the disk if 
a cache exists that SCCM created by default, 
as Figure 4 shows. 

Next, advertise the task sequence to 
the collection you created, by adding a 
mandatory advertisement. In my case, I 
wanted the advertisement to take place 
immediately because I had a controlled 
test collection. In a live environment, you 
might want to set a certain time to start the 
advertisement. You could advertise to the 
unknown computers collection, to allow 
OS deployment on unknown computers. 
However, you should be careful doing 
this, as I discussed previously. In fact, 
you should be careful with this advertisement 
in general, because if you create the 
advertisement to the wrong collection of 
computers, you could end up rebuilding all 
the computers in your company. 

Deploying the OS 

If you configured everything correctly, 
your test machine will boot over the network 
and install the OS when you turn 
it on. Although I used a Vista image for 
illustration purposes, you can use any OS 
for which you have a WIM. I later prepared 
a Windows Server 2003 WIM for the client 
by installing Server 2003 on a virtual 
machine (VM). I patched the Server 2003 
installation, making sure not to install virtual 
additions. I downloaded the correct 
version of Sysprep, ran Sysprep with the 
/generalize, /oobe, /shutdown, and 
/reseal switches, then booted into WinPE 
and captured a WIM file. I then imported 
the WIM file in SCCM and followed the 
steps I outline in this article. 

If you encounter problems, view 
SCCM's message and log files for help. 
Additional troubleshooting tips include 
the following: 

• If you have a problem with PXE, open 
the collection and clear the last PXE 
advertisement, as Figure 5 shows. You 
can then retest the computer with the 
full advertisement. 

• If you have a problem with WinPE, try 
enabling the command prompt in the 
boot images. Navigate to Site Database, 
Computer Management, Operating 
System Deployment, Boot Images, then 
right-click the boot image and select 
Properties. On the Windows PE tab, 
select Enable command support. After 
you update the boot images, be sure to 
refresh their distribution points. 

• If WinPE fails to partition or format the 
disk, use the DiskPart utility 
(diskpart.exe) to partition and format the 
disk from the command line, then try 
deploying the OS again. This action 
will create the log file smsts.log, which 
will store failure information. I initially 
had problems accessing the SMSPXEIMAGES$ 
share, because the network 
access account lacked permission. 
When I tried to use the Net Use command 
on the \\sccm server\SMSPXEIMAGES$ 
share, the command failed. 
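
The smsts.log check from the last troubleshooting tip, as an added example that is not part of the original article: a PowerShell script, run on an administrator workstation against a copy of the log, that parses the entries and lists the failures. The function names, the sample entries, the server name SCCM01, and the error-code hint table are assumptions made for illustration.

```powershell
# Added example: read a copy of smsts.log and list the failures it recorded.
# Assumes the usual SCCM client log layout: <![LOG[message]LOG]!><time=".." date=".." ...>

# A few Win32-derived HRESULTs that point at share or account problems.
$HResultHint = @{
    '0x80070002' = 'File not found'
    '0x80070005' = 'Access denied (check the network access account permissions)'
    '0x80070035' = 'Network path not found'
    '0x8007052E' = 'Logon failure: unknown user name or bad password'
}

function ConvertFrom-SmsTsLog {
    param([Parameter(Mandatory = $true)][string]$Text)

    # (?s) lets one message span several physical lines, which long errors do.
    $pattern = '(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!>' +
               '<time="(?<time>[^"]*)"\s+date="(?<date>[^"]*)"\s+' +
               'component="(?<comp>[^"]*)"\s+context="[^"]*"\s+' +
               'type="(?<type>\d)"\s+thread="\d+"\s+file="(?<file>[^"]*)">'

    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $severity = switch ($m.Groups['type'].Value) {
            '1'     { 'Info' }
            '2'     { 'Warning' }
            '3'     { 'Error' }
            default { 'Unknown' }
        }
        # The time field carries a trailing UTC bias ("+300"); keep only the clock part.
        $clock = ($m.Groups['time'].Value -split '[+-]')[0]

        [pscustomobject]@{
            Timestamp = '{0} {1}' -f $m.Groups['date'].Value, $clock
            Component = $m.Groups['comp'].Value
            Severity  = $severity
            Message   = ($m.Groups['msg'].Value -replace '\s+', ' ').Trim()
            Source    = $m.Groups['file'].Value
        }
    }
}

function Get-SmsTsFailure {
    param([Parameter(Mandatory = $true)][string]$Text)

    foreach ($entry in (ConvertFrom-SmsTsLog -Text $Text)) {
        # Keep entries logged as errors, plus lower-severity lines that report a failure.
        $isFailure = $entry.Severity -eq 'Error' -or $entry.Message -match '\bfail(ed|ure)\b'
        if (-not $isFailure) { continue }

        $code = $null
        $hint = $null
        if ($entry.Message -match '0x[0-9A-Fa-f]{8}') {
            $code = $Matches[0]
            $hint = $HResultHint[$code]   # $null when the code is not in the table
        }

        [pscustomobject]@{
            Timestamp = $entry.Timestamp
            Component = $entry.Component
            ErrorCode = $code
            Hint      = $hint
            Message   = $entry.Message
        }
    }
}

# Constructed sample entries (wording is illustrative, not copied from a real log).
$SampleLog = @'
<![LOG[Start executing an instruction. Instruction name: Partition Disk 0]LOG]!><time="21:14:02.318+300" date="10-04-2009" component="TSManager" context="" type="1" thread="1180" file="engine.cxx:117">
<![LOG[Failed to run the action: Partition Disk 0.
The disk could not be formatted (0x80070002)]LOG]!><time="21:14:09.771+300" date="10-04-2009" component="TSManager" context="" type="3" thread="1180" file="instruction.cxx:3011">
<![LOG[Connection to \\SCCM01\SMSPXEIMAGES$ failed with 0x80070005]LOG]!><time="21:15:41.102+300" date="10-04-2009" component="TSPxe" context="" type="2" thread="1204" file="tsconnection.cpp:298">
<![LOG[Process completed with exit code 0]LOG]!><time="21:15:42.010+300" date="10-04-2009" component="TSManager" context="" type="1" thread="1180" file="commandline.cpp:1102">
'@

# For a real log, read the file whole so multi-line entries stay intact:
#   $text = [System.IO.File]::ReadAllText('C:\Temp\smsts.log')   # placeholder path
Get-SmsTsFailure -Text $SampleLog | Format-List
```

With the constructed sample, the script reports two entries: the partition failure and the access-denied error on the SMSPXEIMAGES$ share, the latter with the hint to check the network access account.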

Hands Off 

Now that you have an environment capable 
of deploying an OS contained in a WIM 
file, you can build on it to perform more 
automated OS configuration, services and 
application deployment, patch deployment, 
and driver deployment. Once SCCM is fully 
configured, you have a complete zero-touch 
deployment solution. 

InstantDoc ID 102648 


John Savill 

(john@savilltech.com) is an advisory 
architect for EMC's Microsoft 
consulting practice. He's an 
MCITP: Enterprise Administrator 
for Windows Server 2008 and a 
nine-time MVP. His latest book is 
The Complete Guide to Windows 
Server 2008 (Addison-Wesley). 



www.windowsitpro.com 


We're in IT with You 


Windows IT Pro 


OCTOBER 2009 41 





























SOLUTIONS PLUS 


STEP-BY-STEP 

SharePoint Disaster Recovery 


Careful planning is the 
key to easy recovery, 
but what if you haven't 
been so careful? 

by Randy Williams 

It's Sunday night, and you just got 
an urgent call from the office: Your 
Microsoft SharePoint server is down. 
After some investigation, you find 
that the disk array in your only front-end 
web server is dead. You groan, 
wishing that you'd implemented a complete 
farm backup from within SharePoint. However, 
all is not lost. You know that SharePoint 
stores all its content in a separate SQL Server 
machine, and that server is fine. You spring 
into action, trying to get the environment back up before Monday morning. You ask yourself, 
What steps do I take? What settings will I lose? Will I get any sleep tonight? 

This article will answer these questions and more. The recovery I discuss is based on 
the two-server farm I've mentioned, but the principles also apply to larger farms. The first 
(crashed) server is running all your SharePoint services (or roles), and the second server is a 
dedicated SQL Server system. For the purposes of this article, I'm assuming that you're running 
Microsoft Office SharePoint Server (MOSS) 2007, but most of the steps will also apply to Windows 
SharePoint Services (WSS). I also assume you're using Windows authentication and Active 
Directory (AD). Of course, your environment is likely to vary in some way, so these steps 
won't be applicable to all situations. Toward the end of the article, I'll also provide you with 
some recovery recommendations that you can use today to better protect your SharePoint 
investment. 



PROBLEM: 

You have a two-server SharePoint 
farm: one web/application server 
and one SQL Server system. Your 
web server is now dead, and your 
environment is down. Making 
matters worse: You don't have a 
SharePoint backup. Fortunately, 
your SQL Server system and all 
its databases are fine, and you 
want to salvage as much content 
as possible as you revive your 
SharePoint environment. 

SOLUTION: 

By re-creating your SharePoint 
farm on a new web server and 
pointing to existing databases, 
you should be able to recover 
most of your content. As you'll 
learn, having accurate and up-to-date 
documentation on the 
original system will go a long way 
toward helping you recreate your 
original environment. Following 
these steps, you'll rebuild and 
recover your SharePoint farm. 

SOLUTION STEPS: 

Step 1: Collect configuration 
settings (e.g., web applications, 
content databases, SharePoint 
version) from your original farm. 

Step 2: Build your new web server 
to match the original server. 

Step 3: Install SharePoint and 
updates to match original version. 
Create a new farm. 

Step 4: Enable services that were 
in use, such as Search. 

Step 5: Restore your web 
applications and attach any 
additional content databases. 
Restore your SSP, and point to 
existing databases. 

Step 6: Re-install any additional 
third-party programs, and 
adjust configuration settings as 
necessary to the farm. 

DIFFICULTY: 


Recovery Overview

SharePoint stores all content and most of its configuration in SQL
Server databases. However, some configuration settings are stored
only in Microsoft IIS and various web.config files. Custom code is
often stored within the 12 Root (by default, C:\Program Files\Common
Files\Microsoft Shared\web server extensions\12) or the global
assembly cache. As you'll see, performing only a SQL Server backup
isn't enough to ensure a smooth farm recovery. Perhaps the most
significant drawback is that, even though many configuration settings
are stored in a configuration database, that database isn't
recoverable without a SharePoint-based farm backup. (To learn more
about SharePoint farm backups, see "Back up a farm by using built-in
tools" at technet.microsoft.com/en-us/library/cc263298.aspx.)
Nonetheless, you still have recovery options, so let's start by
reviewing what you'll need.

Assess Your Inventory 

Let's review the items you'll need to proceed 
with your recovery. Here are the primary 
items you should identify: 

• You'll need all your content databases (not including the one for
central administration), your Shared Services Provider (SSP) service
database, and your search database. All other databases will be
re-created.

• Identify your web applications and the settings that were in use.
This should include your portal web application(s), your SSP web
application, and your MySites web application, if applicable. Ensure
that you know which content database(s) each web application was
using. This is a critical reason why basic documentation for your
SharePoint environment is so important. If you don't know or have
this, try to remember and document as much as you can; during the
recovery, you might experience some trial and error to fit everything
back together.

• Determine your farm's build version, which will tell you what
service packs or other updates have been applied. To get this
information when your farm is down, open a query window on your SQL
Server system. In the SharePoint config database, run a Select * From
Versions command. In the results window, look for the highest value
in the version column. Common build numbers are 12.0.0.4518 Original
release (RTM), 12.0.0.6219 SP1, 12.0.0.6318 Infrastructure Update,
and 12.0.0.6421 SP2.

• Identify the SharePoint domain service accounts and passwords that
were in use. If you're uncertain what accounts you have, you can
obtain them from your SQL Server system's Logins folder. (Note that
you might have other login accounts in addition to SharePoint, and
you'll also need to specify which account is used for which service.)
If you don't know the passwords, you can reset them in AD. Here are
the domain accounts and a naming convention I often use: setup/admin
account (MOSS.Admin); server farm account, aka the database access
account (MOSS.Farm); application pool accounts (MOSS.PortalAppPool,
MOSS.SSPAppPool); SSP Service account (MOSS.SSPService); Farm Search
Service account (MOSS.Search); and Crawler account (MOSS.Crawler).

• Identify any third-party applications and 
SharePoint Solutions (.wsp files) that 
will need to be reinstalled. 

• Identify the new physical or virtual 
server that you'll use as your front-end 
web server. 

• Ensure that you have your MOSS installation media and license key.

Recovery Steps 

Now that you've made an inventory of all 
the necessary components, let's proceed 
with the suggested recovery steps. (When 
you're entering the service accounts in the 
steps below, I recommend that you precede 
the accounts with the domain name—for 
example: domain\MOSS.Farm.) 

1. Install the original OS version on your new server, and don't be
tempted to upgrade the OS at this point. It's technically possible
but adds another level of complexity to your recovery effort. Keep
all other settings (e.g., server name, IP address) the same, if
possible.

2. Add the MOSS.Admin account to the local administrators group on
the new server. Make sure this account also has logon permissions to
your SQL Server system and is a member of the Sysadmin server role.

3. Remove the previous computer 
account from AD, join the new server to the 
domain, and reboot. 

4. Install IIS. 

5. Install the same .NET Framework version that you had on the
previous server. At a minimum, this would be version 3.0. If you
don't know, install the latest version, which is version 3.5 SP1, as
of this writing.

6. Install MOSS. Start by logging on as your administrative account
(MOSS.Admin). Run the MOSS setup program from your installation
media. As with all SharePoint installations, the recommendation is to
use the Advanced and then Complete options. These options give you
the most flexibility, letting you have this SharePoint server run any
roles needed (e.g., Web Application, search). You can install a
slipstreamed version provided it isn't newer than the build you had
previously.

7. Before creating the farm, install all 
updates to match your previous build 
version. When doing this, make sure you 
apply the individual WSS update first and 
the MOSS update second. For example, to 
get to build 6318, install in this sequence: 
WSS SP1, MOSS SP1, WSS Infrastructure 
Update, MOSS Infrastructure Update. After 
each update, the SharePoint Products and 
Technologies Configuration Wizard will 
start. When it does, simply cancel it. 

8. Once you've applied the updates, you're ready to create the server
farm. Start by launching the SharePoint Products and Technologies
Configuration Wizard, which you can access in the Microsoft Office
Server group on the Start menu. When prompted, create a new server
farm. Next, specify the name of your SQL Server system and the name
of your SharePoint config database. If you're using the same database
name that you used in your old farm, you must delete the old database
first. For the username, enter the name of your server farm account
(MOSS.Farm). Click Next, then enter the desired port for the Central
Administration Web application and set the proper form of
authentication (i.e., NTLM or Kerberos). When you see the summary
that Figure 1 shows, review it and click Next to create the farm.

9. Start the Search service. After the farm is created, the Central
Administration web site should automatically appear. If the system
prompts you to log on, use your MOSS.Admin credentials. To start the
search service, first go to the Operations tab and choose Services on
server. In the list of services, click Start next to Office
SharePoint Server Search. In the resulting dialog box, select both
check boxes at the top to make the server an index and query server.
For the Farm Search Service Account, enter the appropriate account
(e.g., MOSS.Search).

10. Start any additional services that are in use, such as Excel
Calculation Services. For MOSS, you might not need the WSS Search
service because it's used only to index the Help collection.

11. Re-create each of your Web applications. You'll need to do this
for your SSP Web application, your MySites Web application (if
applicable), and each additional Web application that your farm was
using. For each one, follow these steps: Go to the Application
Management tab, choose Create or extend Web application, then select
Create a new Web application. Enter the port and host header. In most
cases, you can keep the path as the default. If this web application
was using SSL, specify that here. Enter the application pool
credentials. In most cases, each web application should use a
separate application pool with unique credentials. For example, for
the SSP web application, you would use a logon such as
MOSS.SSPAppPool. Finally, and most important, enter the name of your
SQL Server system and one of the content databases used for this web
application. SharePoint will recreate this website in IIS, register
it in the new config database, and link it to your existing content
database. If you previously extended any of your Web applications
(e.g., configured an intranet for extranet access), you should
reapply this now.

Figure 1: Creating the Farm

12. Associate remaining content databases with your web applications.
This step is necessary only if you have multiple content databases
for your web applications. Go to the Application Management tab,
access Content databases, and select Add a content database. Ensure
that you've selected the correct web application at the top, then
specify each additional database name.

13. Restore your SSP. In the navigation menu on the left inside
Central Administration, click Shared Services Administration, then
Restore SSP. For SSP Name, enter the name of your SSP, such as
SharedServices1. For Web application, select the Web application that
you just created for your SSP. If you were using a separate Web
application for My Sites, clear the use existing location check box.
If you get warnings here, just acknowledge them and then select the
Web application used for My Sites. Next, enter the SSP Service
Credentials (e.g., MOSS.SSPService). Enter the name of the SSP
Database and then the name of the Search Database. Finally, set the
desired folder for the index file location. This should be on a drive
letter that has plenty of space, so the C default is not usually a
good choice.

14. Reset IIS. The easiest way to do so is 
to click Start, Run, and type iisreset. 

15. Reinstall any third-party applications or SharePoint Solutions.
These can include custom IFilters (e.g., to index PDF files), custom
web parts, and so on. For more information about SharePoint
Solutions, see the "Solutions Overview" at
msdn.microsoft.com/en-us/library/aa543214.aspx.

16. Apply any additional configurations. This is the most problematic
area because SharePoint changes might occur in a number of ways. Here
are some common areas where you might need to make modifications:
alternate access mappings (AAM), web.config changes to your web
applications, code deployed to bin folders or global assembly cache,
IIS settings (e.g., reloading and binding your SSL certificate),
changes to 12 Root (e.g., Features or Site Definitions), web
application policy settings, and incoming/outgoing email—in general,
anything on the Operations tab in Central Administration.

17. Issue a full crawl of all your content sources, which will
re-create SharePoint's search index. Because your index files were
lost on the old server, you must re-crawl. Within your newly restored
SSP, click Search settings, then Content sources and crawl schedules.
For each content source, select Start Full Crawl from the context
menu. Depending on the amount of content, the full crawl can take
from minutes to days to complete.

18. Last, but definitely not least, fully 
test your SharePoint websites to validate 
your work. Errors could range from minor 
web-part problems on pages to full sites not 
displaying at all. The cause of errors is most 
likely configuration settings or missing files. 

Recommendations 

As you can see, not having a SharePoint-specific backup makes the
recovery process much more painful, and you run the real risk of
ending up with one or more inoperable components. Here are some
recommendations that can mitigate this risk and ensure that your
recovery is quick and easy.

• Perform regular SharePoint-specific farm backups. You can do this
manually through Central Administration (on the Operations tab,
select Perform a backup) or by using the stsadm.exe command-line
utility. One advantage to stsadm.exe is that you can create a Windows
scheduled task to run it on a recurring basis. Here's the basic
syntax for a full farm backup using stsadm.exe:

stsadm -o backup -directory <unc path> -backupmethod full

You must run this command from one of your SharePoint servers,
preferably running as your SharePoint admin account. Also, the
service account running the MSSQLServer service on your SQL Server
system must have Modify permissions to this UNC share and the
underlying NTFS folder.

• Because a farm backup doesn't include everything, you should also
back up your inetpub\wwwroot folders, your 12 Root folder hierarchy,
and IIS. (For Windows Server 2003, use iisback.vbs; for Windows
Server 2008, use appcmd.exe.) For more powerful and granular recovery
options, consider third-party backup software such as AvePoint's
DocAve, a popular and respected app.

• When you upgrade the farm (e.g., install SP2), perform a farm
backup before and after the upgrade. Creating a backup following an
upgrade is recommended because you'll now be at a newer build and
previous backups are more difficult to restore.

• Maintain a configuration change log. This can be a simple document
that describes the updates that were made to the farm—for example,
upgrading to SP2, installing a custom application, or manually
changing a web.config setting. For obvious reasons, don't store this
file in SharePoint.

• For environments that can't afford downtime, you should build a
recovery farm and configure it through step 7 above. (For more
information about building a recovery farm, see "Create a recovery
farm" at technet.microsoft.com/en-us/library/cc288425.aspx.) Doing so
will speed up the recovery. Also, consider an additional web front
end and cluster or mirror SQL Server to add additional fault
tolerance to your farm. Incidentally, SharePoint is supported in a
virtual environment, and it's common to have a recovery farm in
either VMware or Hyper-V.

• Perform trial restores to your test/recovery farm. Doing so will
ensure that your backups are working and that you know how to perform
a restore. You really don't want to learn how to perform a recovery
during a disaster on a Sunday night.

• When deploying custom code to your farm, use SharePoint Solutions.
SharePoint Solutions are the best way to deploy custom updates to
your farm. If your organization has a development team that is
building SharePoint software, insist that they also create a solution
package to deploy it.

• Keep your content databases small. The larger your content
databases are, the longer they will take to restore. In general, I
recommend keeping each content database under 200GB.

• Use an intuitive naming convention for your databases. As you can
see, you might need to map your content databases to your web
applications. Using a naming convention will make that much easier.
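
The first two backup recommendations above (the stsadm farm backup, plus inetpub\wwwroot, the 12 Root and IIS) can be combined into one script that Task Scheduler runs as the SharePoint admin account. The PowerShell below is an added example, not code from the article; the share name \\BACKUPSRV\SPBackup, the folder and log names, and the availability of PowerShell and robocopy on the server (robocopy is a Resource Kit tool on Windows Server 2003) are assumptions.

```powershell
# Added example (not from the original article): full farm backup plus the
# pieces a farm backup does not include. Values marked ASSUMPTION are
# placeholders to replace with your own.
$BackupShare = '\\BACKUPSRV\SPBackup'   # ASSUMPTION: UNC share. The SQL Server
                                        # service account needs Modify on it.
                                        # It will hold all farm content and
                                        # web.config files, so restrict its ACL.
$TwelveRoot  = 'C:\Program Files\Common Files\Microsoft Shared\web server extensions\12'
$WwwRoot     = 'C:\inetpub\wwwroot'
$Stsadm      = Join-Path $TwelveRoot 'BIN\stsadm.exe'
$InetSrv     = Join-Path $env:windir 'system32\inetsrv'
$Stamp       = Get-Date -Format 'yyyyMMdd-HHmm'
$IisName     = "SP-$Stamp"              # name given to the IIS config backup
$FileDest    = Join-Path $BackupShare "files-$Stamp"
$LogFile     = Join-Path $BackupShare "backup-$Stamp.log"
$Failures    = @()

function Write-Log([string]$Message) {
    $line = '{0}  {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -Path $LogFile -Value $line
    Write-Host $line
}

# Runs one native command and records a failure when its exit code is above
# the highest value that still means success for that tool.
function Invoke-Step([string]$Name, [scriptblock]$Action, [int]$MaxOkExitCode = 0) {
    Write-Log "START $Name"
    $global:LASTEXITCODE = 0
    & $Action | Out-Host
    if ($LASTEXITCODE -gt $MaxOkExitCode) {
        Write-Log "FAIL  $Name (exit code $LASTEXITCODE)"
        $script:Failures += $Name
    } else {
        Write-Log "OK    $Name"
    }
}

if (-not (Test-Path $BackupShare)) { throw "Backup share $BackupShare is not reachable." }
if (-not (Test-Path $Stsadm))      { throw "stsadm.exe not found at $Stsadm." }

# 1. Full farm backup, using the syntax given in the article.
Invoke-Step 'Farm backup (stsadm)' {
    & $Stsadm -o backup -directory $BackupShare -backupmethod full
}

# 2. File-system content the farm backup leaves out. robocopy exit codes
#    below 8 mean success. 12\LOGS is skipped because the running services
#    keep the current log files open.
Invoke-Step 'Copy 12 Root' {
    robocopy.exe $TwelveRoot (Join-Path $FileDest '12') /E /R:2 /W:5 /NP /XD (Join-Path $TwelveRoot 'LOGS')
} -MaxOkExitCode 7
Invoke-Step 'Copy inetpub\wwwroot' {
    robocopy.exe $WwwRoot (Join-Path $FileDest 'wwwroot') /E /R:2 /W:5 /NP
} -MaxOkExitCode 7

# 3. IIS configuration: appcmd.exe on Windows Server 2008, iisback.vbs on
#    Windows Server 2003. Both write to the local disk under inetsrv, so the
#    result is copied to the share afterwards.
$AppCmd = Join-Path $InetSrv 'appcmd.exe'
if (Test-Path $AppCmd) {
    Invoke-Step 'IIS backup (appcmd)' { & $AppCmd add backup $IisName }
    Invoke-Step 'Copy IIS backup' {
        robocopy.exe (Join-Path $InetSrv "backup\$IisName") (Join-Path $FileDest 'iis') /E /R:2 /W:5 /NP
    } -MaxOkExitCode 7
} else {
    Invoke-Step 'IIS backup (iisback.vbs)' {
        cscript.exe //nologo (Join-Path $env:windir 'system32\iisback.vbs') /backup /b $IisName
    }
    Invoke-Step 'Copy IIS backup' {
        robocopy.exe (Join-Path $InetSrv 'MetaBack') (Join-Path $FileDest 'iis') "${IisName}.*" /R:2 /W:5 /NP
    } -MaxOkExitCode 7
}

if ($Failures.Count -gt 0) {
    Write-Log ('Backup finished with failures: ' + [string]::Join(', ', $Failures))
    exit 1      # non-zero exit code so the scheduled task shows as failed
}
Write-Log 'Backup finished successfully.'
```

Keep the resulting log with your configuration change log so that a trial restore can be matched to the backup it came from.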

Earn Some Rest 

We've now walked through a SharePoint recovery using only SQL Server
databases. Remember that you won't be able to recover all your
configuration settings; however, now that you understand how this
kind of recovery works, you should be able to get your farm online
within a few hours. Knowing the limitations of a database-only
recovery should encourage you to consider additional backup options,
along with my other recommendations. Only then can you be sure to get
home in time to get some sleep.

InstantDoc ID 102572

is a SharePoint Server MVP and
senior consultant and trainer for

■ Office 2010

■ Google OS 


■ Firefox 

■ SharePoint 


Kace and Bomgar Announce 
Partnership 

Systems management appliance vendor Kace Systems and remote support
specialist Bomgar announced that they've inked a partnership deal.
Under the terms of the agreement, Kace customers using a Kbox
appliance will be able to access Bomgar's remote support products
from within the Kbox management console. "Our partnership with Bomgar
is derived from a common vision—bringing innovative and robust
appliance-based technology to market, which can be easily deployed
and used by organizations of all sizes yielding unparalleled
investment return rates," said Marty Kacin, president, CTO and
cofounder of Kace in a statement announcing the partnership news.
"Through this partnership, we continue to expand the suite of
automation and security solutions available to our
customers—providing them unmatched systems management and remote
desktop control capability, all delivered within the industry's most
innovative stack of appliance offerings." To learn more about the
vendors, visit www.kace.com or www.bomgar.com.

Google to Take On Windows with
New OS

It's official: Google will compete head-to-head with Microsoft's
dominant Windows OS with a new system called Google Chrome OS. Based
on the Google Chrome browser and not its previous OS effort, the
smartphone-based Android system, Google Chrome OS will initially be
aimed at netbooks and will ship on new devices in the second half of
2010. Google notes that the Google Chrome OS will run on x86- and
ARM-based systems and will be made available on multiple PCs by a
number of PC makers. It's based on the Linux kernel, Google says, and
will feature a new windowing system that runs the Chrome browser. The
application platform will be purely web-based and will work on any
standards-based browsers on Windows, Mac, and Linux. To learn more,
visit googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html.

PRODUCT

Microsoft Announces Office 2010 Technical Preview

Microsoft unveiled the first major milestone of its upcoming Office
family of products. Dubbed the Office 2010 Technical Preview, this
prerelease version of Office includes Office 2010 Professional and
Visio 2010. Other Office 2010 products and services—such as
SharePoint Server 2010, Project 2010, the Office Web Applications,
and Office Mobile 2010—will ship in prerelease form at a later date.

"Office 2010 is the premier productivity solution across PCs, mobile
phones, and browsers," says Microsoft Senior Vice President Chris
Capossela. "From broadcast and video editing in PowerPoint, to new
data-visualization capabilities in Excel and co-authoring in Word, we
are delivering technology to help people work smarter and faster from
any location using any device."

Microsoft also revealed that it's streamlining the Office 2010 suite
from eight editions to five. The company will deliver Office
Professional Plus and Office Standard for enterprises, and Office
Professional, Office Home and Student, and the new Office Home and
Business for consumers and small businesses. That latter offering
includes Word, PowerPoint, Excel, OneNote, and Outlook.

Additionally, Microsoft plans to deliver web-based versions of Word,
Excel, OneNote, and PowerPoint via the Office Web Applications. This
solution will be delivered to customers in three ways: via Windows
Live for consumers, as a subscription service through SharePoint
Online, and as a benefit to customers who subscribe to the company's
Software Assurance volume-licensing program. A public beta of Office
Web Applications is expected late 2009.

Paul Thurrott has been using the Technical Preview for some time. For
an exhaustive overview of this software, please visit
www.winsupersite.com/office/office2010_tp.asp.

Brian Reinholz | breinholz@windowsitpro.com

Editor's Note: Send new product announcements to products@windowsitpro.com.



Mozilla Releases Firefox 3.5 

Mozilla yesterday unleashed its latest web browser, Firefox 3.5,
adding new functionality, performance improvements, support for
leading-edge web standards, and improved customization options.
Mozilla claims that Firefox 3.5—thanks to its dramatically improved
JavaScript performance—is "two times faster than Firefox 3.0 and ten
times faster than Firefox 2.0 on complex websites." Other browser
makers, such as Google and Apple, have been making similar
performance claims recently, and each is also touting new JavaScript
engines in its products. Mozilla's is called TraceMonkey. In the
United States, Firefox accounts for about 20 percent usage share,
compared with 73 percent for Internet Explorer (IE). The browser has
considerably higher market share in Europe and, in some
countries—such as Finland, Poland, and Slovenia—Firefox actually
outpaces IE and controls close to 50 percent of the market. For more
information, and the free download, visit www.mozilla.com.


[Screenshot: Quest Discovery Wizard for SharePoint]



SharePoint Freebies You Might Want 

Here are three free SharePoint tools to help you keep an eye on that
deep, dark pond teeming with content. Quest Software's Discovery
Wizard for SharePoint takes inventory of your MOSS 2007 and
SharePoint Portal Server 2003 environments and displays the
discovered results in an HTML report. Idera's SharePoint Performance
Monitor enables monitoring of critical performance counters for
SharePoint and sends email alerts when issues arise. AvePoint's
DocAve SQL Restore Controller offers item-level, site-level, and site
collection-level restores from active SQL Server databases and from
SQL Server backups. Visit the associated vendor's
website—www.quest.com, www.idera.com, www.avepoint.com—to learn more.

Symantec Moves Client Security 
Monitoring to Cloud 

Symantec is attempting to address the increasing amounts of malware
and decreasing IT budgets by moving the tasks of updating and
monitoring end-user protection offsite. Symantec Managed Endpoint
Protection Services, now available, transfers these tasks to Symantec
itself.

The new service is aimed at the enterprise level and provides
24/7/365 monitoring by Symantec. Symantec makes sure that
anti-malware signatures and management consoles are updated and
configured and monitors for threats. Symantec can also use the
information to detect if an unprotected computer is connected to your
network and spreading malware. If Symantec detects a problem, it
contacts your company within 10 minutes. Admins can log into
Symantec's portal and view the company's network as well, and
Symantec can store your data for over 90 days in case you need it for
compliance. Visit www.symantec.com for more.

Prowess SmartDeploy Enterprise


With Windows 7 debuting, it's time to once again review how you're
deploying OSs to bare-metal hardware. Many times the solution
involves some kind of disk imaging technology that lets you make
copies of a master hard drive. These proven technologies have been
around for many years and generally work well as long as the target
hardware is exactly the same as the master computer. However, in
reality, network computers are typically a hodgepodge of
miscellaneous models from various manufacturers. It's this real world
where Prowess' SmartDeploy Enterprise really shines.

How It Works 

If you've used disk imaging software before, you're familiar with the
process of creating a master image for each hardware platform. With
SmartDeploy, no matter how many different computer brands or models
you have on your network, you only have to create one master image. A
separate file called the Platform Pack contains the device drivers
and other hardware-specific files necessary to fill the gap between
the vanilla master image and a computer's unique properties.

For example, if your company has eight different computer
manufacturer/model combinations, you'd create one master image and
have eight Platform Packs. Platform Packs are available for many of
the top computer manufacturers and models, but oddly there aren't any
for Gateway computers. Fortunately, SmartDeploy's Platform Manager
lets you create custom Platform Packs, ensuring that you can always
deploy your master image to any hardware.

Installation 

SmartDeploy comes as a single-file download from the Prowess website
and is licensed by adding a license file to the install directory.
The installation is short and sweet, and is supported on Windows XP
and later. Note that to use SmartDeploy, you need virtualization
software. Microsoft Virtual Server 2005 R2 SP1, Microsoft Virtual PC
2007 SP1, Windows Server 2008 with Hyper-V, VMware Workstation 5.5,
Parallels Workstation 2.2, and Sun Microsystems' Sun xVM 2.0
VirtualBox are supported.


SmartDeploy in Action 

To use SmartDeploy, you first need to create 
a master image. To do so, use your favorite 
virtualization software to create a virtual 
machine (VM). On the VM, install the base 
OS and any applications you want to deploy 
to all your computers. 

After you've configured the OS and applications just the way you want
them, power down the VM, open SmartDeploy, and start the Capture
Wizard. This wizard runs you through the process of converting the
virtual disk file to a Windows Imaging Format (WIM) file that you can
deploy to bare-metal machines. According to the SmartDeploy
documentation, you can augment your existing Windows Deployment
Services (WDS) infrastructure if you use this file format.

The next step is to download or create the Platform Pack for your
particular hardware. Platform Packs can be downloaded from the
SmartDeploy Downloads web page
(www.smartdeploy.com/products/downloads.aspx). Both your Platform
Pack and WIM file should be stored on a network share.

To deploy the master image to a bare-metal computer, boot the
computer with the SmartDeploy Preinstallation Environment (SmartPE).
On SmartPE's main menu, which Figure 1 shows, click Deploy an image
to bring up the Deploy wizard. This wizard walks you through mapping
a drive to the network share that contains the WIM and Platform Pack
files. Once connected, you can specify the time zone, language,
screen resolution, IP address, and whether you want the computer in a
domain.

That's it! In a few minutes, you'll see the PC boot up to your
company's standard image.


A Well Thought-Out Solution 

SmartDeploy is a well thought-out deployment solution. It overcomes
one of the major drawbacks of standard disk-imaging solutions—having
to create a master image for each hardware platform—by providing
Platform Packs to download at no additional cost. Admittedly, I was
surprised that there weren't any Platform Packs for Gateway
computers. Plus, I found that the steps to create a custom Platform
Pack weren't intuitive. (If you have to create a Platform Pack, I
suggest that you contact the company's product support staff for
assistance.) However, despite these glitches, the next time one of my
customers needs an OS deployment solution, I'm going to take a
serious look at using SmartDeploy.

InstantDoc ID 102652


Prowess SmartDeploy Enterprise 

PROS: Simple disk imaging solution that lets 
you reduce the number of master image files; 
licensed per technician instead of per PC 

CONS: Creating Platform Packs isn't intuitive; no 
out-of-box support for Gateway PCs 

RATING: ♦♦♦♦O 

PRICE: $1,995 per technician 

RECOMMENDATION: If you have to deploy
Windows to various hardware models from different
vendors, SmartDeploy is the smart choice.

CONTACT: Prowess • www.smartdeploy.com •
888-733-7569

Welcome to SmartDeploy Enterprise

SmartDeploy Enterprise helps you build, capture,
and deploy system images of Windows® while
simplifying hardware support and image updates.

To begin, select a task on the left. For more information,
review the SmartDeploy Enterprise User’s Guide or visit
http://www.smartdeploy.com.

To open a command window, press Shift+F10. 


Figure 1: SmartDeploy allows easy deployment to dissimilar hardware

by Michael Otey

Confirming what most people already know, an IDC study from October
2008 showed that VMware was the clear leader in the enterprise
virtualization marketplace, with 78 percent of the market. However,
since the release of Windows Server 2008, Microsoft has been making a
strong push in the enterprise virtualization market with Hyper-V.

Last year, I compared VMware's ESX Server 3.5 and Windows Server 2008
Hyper-V. I concluded that while Hyper-V was a strong challenger to
ESX Server and definitely a cost-effective solution, ESX Server was a
more mature product that offered several management advantages and
held a slight performance lead over Hyper-V. (See "Virtualization
Shootout, Part 1," June 2008, InstantDoc ID 98879 and "Virtualization
Shootout, Part 2," July 2008, InstantDoc ID 99248.)

Several VMware proponents were quick to point out that ESX Server
supports VMotion, while Hyper-V at that time had only Quick
Migration. That contention was true, but the original comparison was
between the virtualization platforms themselves—not the management
frameworks provided by each vendor. VMotion is not a feature of ESX
Server: It's a part of VMware's virtualization management platform
and was beyond the scope of our original comparison.

This article is a follow-up to the original ESX versus Hyper-V
comparison. However, this time I focus on the virtualization
management platforms offered by VMware and Microsoft. A lot has
changed in a year: VMware has totally revamped its virtualization
management line and rebranded it as vSphere. Likewise, Microsoft has
updated Server 2008, Hyper-V, and System Center Virtual Machine
Manager (VMM) 2008 with new R2 releases.

At first I decided to compare VMM to vSphere, but it soon became
apparent that the scope of the products isn't equal. VMware's vSphere
is a complete management platform. (See Web Sidebar 1,
windowsitpro.com, InstantDoc ID 102710, for a list of its
components.) The closest comparison isn't to VMM but rather to
Microsoft System Center Enterprise Management Suite (see Web Sidebar
2 at InstantDoc ID 102711). So instead, I compared how VMware's
vSphere and Microsoft System Center Enterprise Management Suite match
up when addressing some of the important issues faced by IT
administrators.

Infrastructure Management: VMM vs. vSphere Client

First, I compared management interfaces. Microsoft's offering for VM
management is VMM, which provides a completely different management
experience than the Spartan interface offered by Microsoft's Hyper-V
Manager. VMware offers the vSphere Client.

The VMM administrative console, which Figure 1, page 50, shows, lets
you manage virtual machines (VMs) from multiple hosts—including ESX
Server—for mixed virtualization management. VMM is cluster aware and
automatically adds all nodes in a cluster; it can perform cluster
configuration for both high availability and live migration. It also
lets you manage other virtual assets including creating and storing
templates, ISO images, sysprep answer files, and different standard
hardware configurations. In addition to managing VMs, the VMM console
can also perform physical to virtual (P2V) migration and virtual to
virtual (V2V) migration for VMware VMs.

One of the best features in VMM 2008 R2 is its integration with
Windows PowerShell, so almost all of the actions can be easily
scripted into PowerShell commands. However, one problem I ran into
while managing VMs with both Hyper-V Manager and VMM was that I
occasionally wound up with orphaned VM entries in the VMM console.
VMM requires access to a Microsoft SQL Server system on the back end
to store its information. It requires Windows Server 2008 R2 x64 and
can use SQL Server 2005 SP3 and SQL Server 2008.

www.windowsitpro.com
We're in IT with You
Windows IT Pro
OCTOBER 2009 49

PRODUCTS
SYSTEM CENTER VS. VSPHERE

VMware's management interface, vSphere Client, provides a broader
management scope, unlike the VMM administrative console, which
focuses on VMs. VMware vSphere Client includes the ability to
manage host and VM performance data as well as user and role
management. You can see the vSphere Client in Figure 2.

The vSphere Client enables you to perform the full range of VM
management functions. When you're running the vSphere Client with
a vCenter Environment, the menu options in the vSphere Client are
populated with more advanced options, including the ability to
clone VMs and perform VMotion transfers between hosts. (More
information about VMotion is presented later in this article.)

Overall, I preferred the vSphere Client to the VMM console. I found
it easier to use and more efficient, with important performance
information close at hand.

However, some important features such 
as Datastore management were hard to find, 
being buried under the Summary tab. 


Figure 1: VMM 2008 R2 admin console 


Planned Downtime: Live Migration vs. VMotion

Without a doubt, VMotion was the feature that most readers
commented on in my previous comparison review. VMotion is a
ground-breaking technology that enables VMs to be moved between
ESX Server hosts with no downtime and no interruption of end-user
services. VMotion does require compatible CPUs on the ESX Server
hosts. In other words, both hosts must use processors from the same
manufacturer, and they must be part of the same processor family.
VMotion isn't part of vSphere Standard Edition, but it's in vSphere
Advanced, Enterprise, and Enterprise Plus Editions. VMotion also
requires vCenter Server.

The original release of Server 2008 and Hyper-V didn't include
capabilities equivalent to VMotion. The first release of Hyper-V
did have a feature called Quick Migration, which wasn't really all
that quick. Quick Migration essentially saves a VM's state, then
moves all of the VM files to a different storage location and
restores the VM state.

Server 2008 R2 introduced the new Live Migration feature for
Hyper-V. Comparable to VMotion, Live Migration enables VMs to be
moved between Hyper-V hosts with no downtime and no interruption
of end-user services. Live Migration is enabled by a new Server 2008
technology called Clustered Shared Volumes (CSV). Live Migration
requires Server 2008 R2, and the Hyper-V hosts must also be part of
a Windows failover cluster.

The advent of Live Migration has given Microsoft feature-parity
with VMware in the area of planned downtime. However, Live
Migration isn't identical to VMotion. The maturity of the VMware
platform shows: ESX Server can perform multiple concurrent
VMotions while Hyper-V is limited to one Live Migration at a time.

Unplanned Downtime: Windows Failover Clustering vs. HA/FT

For a Microsoft implementation, a virtual IT infrastructure uses
Windows Failover Clustering to address the issue of unplanned
downtime. Failover Clustering lets up to 16 servers work together
to provide redundant hardware services. (Though not available in
Server 2008 Standard Edition, it's supported in the Server 2008
Enterprise and Datacenter Editions.) It also requires an iSCSI or
Fibre Channel SAN for shared storage.

Failover Clustering can be used at both the virtualization host and
guest levels. At the host level, it provides protection from a
potential single point of failure of the Hyper-V server. If a
Hyper-V server that's part of a Windows failover cluster fails, then
all of the VMs running on that server will be restarted on another
node. Similarly, VMs themselves can act as nodes in a failover
cluster and the different nodes can be running on multiple Hyper-V
hosts. With Failover Clustering, the failover process is automatic,
with minimal downtime as services are restarted on alternate nodes.
The actual amount of downtime depends on the services themselves
and the capabilities of the hardware platform.

Figure 2: vSphere Client

VMware vSphere addresses unplanned downtime in two ways: High
Availability and Fault Tolerance. High Availability is in all the
editions of vSphere. It supports up to 32 node clusters on the
vSphere Enterprise Plus edition and up to 16 nodes on the other
editions. Like Failover Clustering, High Availability protects at
both the server and VM level. Also like Failover Clustering, VMware
High Availability incurs some downtime as VMs are restarted on
backup servers. High Availability takes advantage of the Distributed
Resource Scheduler (DRS) to optimize the placement of VMs to be
restarted. More information about DRS is presented in the next
section.

Fault Tolerance is a new feature in 
vSphere 4. Unlike High Availability, Fault 
Tolerance works only between two systems, 
but it protects from system failure with no 
downtime. Fault Tolerance uses a VMware 
technology called vLockStep, which keeps 
the virtual processors of two VMs in sync 
at the instruction level. If one VM fails, the 
other VM steps in instantly, with an exact 
copy of the RAM that's in the primary VM. 

Dynamic Infrastructure: VMM PRO vs. Distributed Resource Scheduler

Dynamically changing system configurations to meet changing
workload requirements is another necessity. Microsoft addresses
dynamic IT management via the VMM Performance Resource
Optimization (PRO) feature. VMM PRO works with Ops Mgr to
automatically initiate Live Migration in response to host or VM CPU
or memory utilization levels.

VMware addresses the issue of dynamic IT management with DRS.
Similar to VMM PRO, DRS can automatically invoke VMotion to move
VMs between ESX Server hosts based on resource utilization. However,
DRS uses more advanced features such as a global scheduler and
resource pools to provide a finer level of control over how and
when VMs are moved. DRS can be coupled with Distributed Power
Management (DPM) to automatically shut down servers when the
workload decreases, then later dynamically power up again to meet
increased user demand.

Storage: Quick Storage Migration vs. Storage VMotion

Server 2008 R2 includes a new Quick Storage Migration feature. As
was the case with Quick Migration, Quick Storage Migration is a
feature that's not quite up to the standards set by the competition.

Quick Storage Migration enables you to rapidly move VMs to
different storage locations. There's some downtime as the VM's
state is saved, then restored when it's in the new location.

It's primarily designed to enable you to take advantage of Server
2008's ability to run multiple VMs per LUN. (Previous versions of
Hyper-V required one VM per LUN, which was difficult to manage.)
Quick Storage Migration lets you quickly consolidate your VMs on a
larger shared LUN.

VMware's Storage VMotion provides the same type of ability to move
VMs to different storage locations. However, it enables you to move
VMs between different storage locations with no downtime.
Performing a move with Storage VMotion takes roughly the same
amount of time as performing a cold migration of a VM's files to a
new LUN.

Backup: DPM vs. VMware Consolidated Backup

Backup is another important consideration. You can achieve a very
basic level of backup for your VMs by using Windows Server Backup
on the Hyper-V host. However, Windows Server Backup is extremely
limited as it's a volume-oriented backup. System Center Data
Protection Manager (DPM) 2007 provides a much more capable backup
platform. DPM can provide host-based backup for Hyper-V VMs as well
as other Microsoft server platforms such as SQL Server, SharePoint,
and Exchange. DPM is also able to perform DPM to DPM replication
for offsite protection.

VMware's vSphere provides VMware Consolidated Backup. VCB provides
both full and incremental backup of VM files. It can also run on
another server by proxy, to reduce the load required on the host
during the backup operation. VCB enables you to recover whole VMs
as well as individual folders and files from inside a Windows VM.
VCB isn't integrated with any Windows Server applications.

System Center Exclusive Features 

Because of its holistic view of the different IT 
resources in the enterprise, System Center 
Enterprise Management Suite has many 
features that vSphere doesn't have, such as 
the following: 

• Management of all physical systems— 
Ops Mgr monitors the health of both 
physical and virtual servers. vSphere 
manages only the components of a 
virtual infrastructure, though with the 
vSphere Client under Configuration, 
Health Status, you can monitor the 
health of the ESX Host. 

• Heterogeneous VM management— 
VMM supports management of both 
Hyper-V hosts and ESX Server hosts, if 
VMware's vCenter Server is present. 

• Deep management of applications
including SQL Server, Exchange, and
SharePoint—Ops Mgr is also able to
manage Microsoft server applications;
vSphere doesn't.

• Application level backup and restore—
DPM can back up and restore SQL
Server and Exchange. VCB backs up at
the VM level and can restore individual
files, but it's not application aware.

• Software inventory, deployment, and 
management—Configuration Manager 
can inventory hardware and software and 
deploy OSs, applications, and updates; it 
has no equivalent in vSphere. 

vSphere Exclusive Features 

vSphere's maturity shows in its virtualization
management features that have no counterpart
in System Center:

• vSphere's ESX Server fully supports all of
the popular Linux distributions. While
other distributions can run on Hyper-V
in legacy mode, Microsoft supports
SUSE and RHEL 5.2 on Hyper-V using
the higher performance VMBus architecture.

• Multiple VMotions—vSphere can perform 
multiple concurrent VMotions. Hyper-V 
is limited to one Live Migration at a time. 

• Support for multiple virtual CPUs on
Linux—ESX Server supports up to four-way
virtual CPUs for Linux. Hyper-V
supports only a single virtual processor
for Linux VMs.

• NIC teaming—ESX Server supports NIC 
teaming on all types of NICs. Hyper-V 
doesn't directly support NIC teaming 
but can use it if it's provided by specific 
network adapter drivers. 

• Memory Over-Commitment—ESX
Server can make the memory requirements
of the running VMs exceed the
physical memory in the host. This lets
you potentially run more VMs per host,
though with a performance hit.

• Distributed Network Switch—Lets you 
create and share network configuration 
between multiple servers. 

• Distributed Power Management—This
optimizes power consumption by using
VMotion to move VMs off lightly loaded
hosts, then powering those hosts off.

Licensing 

No comparison of platforms is complete without looking at cost.
Table 1 compares the basic licensing costs to deploy 10 physical
servers with each server running 10 VMs apiece.

I assume that you're deploying 10 dual-core servers. I didn't
include server costs, as the hardware required for each platform is
essentially the same. In Table 1, the costs for Server 2008
Datacenter Edition are the same for both platforms. The Datacenter
Edition is the best Server 2008 choice because it permits an
unlimited number of virtual Windows instances with no additional
licensing costs. Likewise, the virtualization software itself is
included with each platform. The biggest difference is in the
management suite. vSphere is licensed by CPU socket and is a bit
more expensive. Plus, the required vCenter Server must be purchased
separately.

Although more expensive, VMware vSphere offers many virtualization
features that aren't in the Microsoft platform. I have seen
alternative licensing comparisons that show better advantages for
the VMware platform. However, most of these are based on running
more VMs per server. That isn't necessarily a given. Hyper-V
supports workloads comparable to those of ESX Server, certainly up
to the 10 active VMs per host server on which this comparison is
based. That said, the new 64-bit ESX Server 4.0 clearly provides
better performance than the previous version. In a future article,
we'll revisit the performance comparison of the new ESX Server 4.0
and Hyper-V R2.

Next Gen vs. Broad Reach 

VMware's vSphere is a generation ahead of Microsoft System Center
as far as virtualization management is concerned, but the Microsoft
platform is less expensive and has a broader reach. Although each
virtualization management platform offers advantages, each is based
upon a different guiding philosophy. Microsoft's System Center
Enterprise Management Suite is designed to provide seamless
management for both physical and virtual servers. In contrast,
VMware's vSphere is designed to enable IT to build an internal
cloud where all resources are virtualized, and it provides dynamic
management of the virtual infrastructure. Although I looked at the
different platforms as alternatives, you can certainly combine
these platforms, and many companies do.

Table 1: Licensing Costs for Microsoft's System Center and VMware's vSphere

Microsoft
  Windows Server 2008 Datacenter: $2,381 x 10 = $23,810
  Virtualization Platform: Hyper-V included w/WS08
  Management Platform: System Center Management Suite Datacenter, $744 x 20 = $14,880
  Total: $38,690

VMware
  Windows Server 2008 Datacenter: $2,381 x 10 = $23,810
  Virtualization Platform: ESX Server 4 included w/ vSphere 4
  Management Platform: vSphere 4 Enterprise +, $4,360 x 10 = $43,600; vCenter Server, $4,995
  Total: $72,405












The down economy and the need to do more with less have businesses
moving their messaging to the cloud

B. K. Winstead

You're struggling to get all the work done in your IT department as it is. The usual
cycle of patch management never ends; now it's time to test new versions of
applications and updated OSs. You're working on reduced budgets, possibly
with reduced staff. And, oh yeah, your company execs somehow want you to
provide more functionality to users so everyone can be more productive.

This situation isn't unique to the IT department; in a down economy,
every business division is dealing with similar pressures to do more with less. However, few
departments have such a direct impact on all the others as the IT department. Naturally,
something's got to give—and hopefully not your sanity. Outsourcing tasks to a service
provider is an option that might save time, effort, and resources, and one area many businesses
are currently examining for outsourcing is messaging. Let's take a look at what hosted
messaging—specifically, hosted Microsoft Exchange—offers, and what you can expect to
find if you're considering outsourcing your messaging needs.


Is Hosted Exchange Ready for Your Business? 

Email is the primary means of exchanging business communications both internally with 
employees and externally with clients and business partners. It's also your calendar and 
scheduler. It's how you stay connected when traveling or working remotely, either through 
web mail or mobile device support. It serves as a document exchanger and, in many cases, a 
massive filing cabinet for company memos, presentations, and other important documents. 
Maybe you've implemented unified communications (UC) through Microsoft Exchange 
Server 2007 so that Exchange also acts as your company PBX and voice mail system. 

Exchange Server can be your company's complete communications hub. An immediate
question, then, is can you retain all this functionality if you outsource your messaging
infrastructure? A quick scan of the marketplace shows there are many hosting providers,
including Microsoft itself, that offer Exchange as a hosted service. Some smaller providers
don't include every feature of Exchange, particularly more advanced features such
as UC. But there are plenty of providers that offer the full-featured Exchange package, so
if that's what you need, you'll be able to find it. Vendors distinguish themselves by the
additional services they provide.

Hosted providers offer service level agreements (SLAs) that spell
out what sort of uptime the service guarantees as well as what
penalty the provider will pay if it fails to meet its uptime
commitment. Most large providers offer something in the range of
99.9 percent to 99.999 percent uptime; this number might vary
depending on whether you subscribe to the provider's standard
service or if you upgrade to a dedicated server option.
123Together.com began offering a 100 percent uptime guarantee for
its dedicated Exchange hosting option two years ago; Apptix recently
began offering a 100 percent uptime guarantee for its Apptix
OnDemand hosted Exchange service. With the massive data centers
that are possible and the improved high-availability story through
continuous replication in Exchange 2007, I wouldn't be surprised to
see more service providers begin offering a 100 percent uptime
guarantee.

Basic security, antivirus, antispam, and some level of support or
Help desk are usually included at no additional fee, and often you
can pay extra for premium services in these areas. Most hosted
services also give you the option to pay for extra services: email
archiving; mobile device support, including Windows Mobile,
BlackBerry, iPhone, and others; and fax support through email are
common add-ons. Larger Exchange hosting services can provide
SharePoint and Microsoft Office Communications Server (OCS) as well.

Migration services are a big plus, if offered. As Danny Essner,
director of marketing for Intermedia said, "I think one of the
dirty secrets of hosted services in general, not just email but
SaaS [Software as a Service] as a category, is SaaS is great when
you're using a product for the first time. What happens when you've
been using a legacy product for five, ten, fifteen years and you
have all that legacy data that you want to carry forward to the
hosted model? A lot of hosted providers don't handle migration very
well." Intermedia has what it calls the Exchange Concierge team to
help users manage migrations, and most of the top players in hosted
Exchange now have some form of migration service, either offered
free or at an additional charge.

As you take a look at the variety of services offered by Exchange
hosters, it should be clear how much you can potentially eliminate
from your inhouse infrastructure with a hosted solution. The
provider has high availability covered for you, which can save you
significantly on hardware and other resources. If you take
advantage of something like email archiving, you get storage in the
cloud and reduced headaches related to email quotas and e-discovery
requests. Each feature you outsource frees up something—or
someone—inhouse to be redirected at another task.

And you get all this with predictable monthly costs—which is a key
point made by Kirk Averett, director of product for Rackspace.
"CFOs like predictable costs. And when you're hosting email
inhouse, it feels very unpredictable," Averett said. "The hardware
can die at any time. You have to go spend 5 or 10 or 20 grand to
replace something. Or the software will become broken or
incompatible with the backups—you just don't know what's going to
happen that will change your costs." Planning your budget,
certainly, becomes easier when you host your messaging.

Is Your Business Ready for Hosted Exchange?

Another important question to ask as you look at the hosted
Exchange market is if you and your organization are ready to give
up some control of your messaging infrastructure. If you go the
hosted route to Exchange, it's not like you can sign a contract and
then forget all about your email system; no matter what options you
choose, there still needs to be IT oversight of the hosted
implementation. Sure, you're ceding a certain amount of control to
your hosting partner for security, message hygiene, availability.
But even with inhouse Exchange, can you say that your security
never has a lapse, that spam never gets through, or that unforeseen
problems don't cause downtime?

Speaking to this point, Dave R. Taylor, cofounder and chief
marketing officer of IT and business solutions provider Sparxent,
said, "One of the reasons people stay [with on-premises Exchange
installations] is, they'll call it security, they'll call it
whatever they want, but really it's familiarity, it's comfort.
'It's the way we've been doing it, this is the way we're going to
keep doing it.'" Security typically is the stated sticking point
for organizations that say they need to maintain their own
messaging systems. With data-protection regulations, this might be
a legitimate reason in some cases.

Most organizations don't have dedicated messaging specialists;
managing Exchange is just one of the many tasks on your IT platter.
Hosted providers, meanwhile, have the resources for dedicated
Exchange specialists, dedicated security specialists, and any
number of other specialists to troubleshoot problems before clients
are ever affected by them. As vice president of product for Apptix,
Rick Rumbarger, said, "A small enterprise really can't have a
dedicated security person. So I would suggest not that we're doing
a good enough job [with security], but that we actually do a much
superior job than what they can ever afford to do because, again,
we have people that live and breathe email—that's what they do all
day long."

A good indication of a hosted provider's commitment to security is
whether the service is SAS 70 Type II certified. SAS 70 is an
independent assessment of a service organization that looks at the
company's internal controls. This designation has become more
important because of legislation such as the Sarbanes-Oxley Act
(SOX) and Gramm-Leach-Bliley Act (GLBA), which require the level of
auditing that SAS 70 Type II checks for. Yet you'll find that not
all Exchange providers have attained this certification.

What Microsoft Means to the Market 

Exchange as a hosted service isn't a new thing. However, one thing
that is fairly new is Microsoft itself selling Exchange as a
service. The company originally announced Microsoft Online Services
(MOS) in September 2007, then released Exchange Online from beta in
November 2008. Microsoft continues to work with its partner
resellers who offer hosted Exchange as well—a situation that might
look a bit peculiar on the surface.

I spoke to John Betz, director of product management with MOS,
about the company's entry into this space. "There's clearly a
transformation happening in the market to cloud services," Betz
said. "With the advent of the massive data center, there's an
opportunity, and customers are looking for ways to be more
efficient with how they spend their IT dollars. In the case of
Exchange specifically, we expect the opportunity to be up to 50
percent of the seats sold, say, in five years will be in the cloud
as opposed to run on-premises. So that's a pretty significant shift
that we saw happening." Betz also mentioned that his team had
briefed its partners about their plans a couple years before the
public announcement.

Nonetheless, I suspect some of those partners might have felt a bit
betrayed by Microsoft entering into direct competition with them,
selling a product the third-party vendors have to purchase from
Microsoft to resell. And yet, after talking with many of these
vendors, the general feeling seems to be that Microsoft's entry
into the hosted Exchange market lends credibility to the space. As
Essner of Intermedia said, "[Microsoft's] entrance alone will
accelerate and expand adoption rates, especially in the SMB
community. I think they'll help dispel some of the unwarranted
fears about security, about reliability, certainly about cost. The
best part of the Microsoft initiative is the education and
awareness that it will bring." Education leads to acceptance, and
as a result, Microsoft has reported some big customer wins for its
hosted Exchange service, such as Eddie Bauer, Pitney Bowes, and
GlaxoSmithKline.

Microsoft partner resellers have the 
opportunity to win in this competition by 
the additional services and support they 
can provide. For instance, if you want to host 
Exchange with BlackBerry support, you can 
pretty much be sure Microsoft isn't going to 
have what you need—but many third-party 
providers will. And if you want a security 
solution other than Forefront, which is built 
in to Microsoft's offering, well, you'll need to 
expand your search. Microsoft continues to 
stress its reliance on its partners as well. 

A Radicati Group analysis from August 2009 reports, "The number of
deployed Microsoft Hosted Exchange mailboxes is 39 million in 2009,
and is expected to reach 77 million by year-end 2013. This
represents an average annual growth rate of 19% over the next four
years." That's nearly double in just four years. How much of that
growth can be blamed on—or credited to—Microsoft isn't clear, but
by all predictions, this continues to be a growing market.

Another factor that might influence this growth is the release of
Microsoft Exchange Server 2010. Expected to be available by the end
of 2009, this is the first version of Exchange developed and tested
specifically with hosted deployments in mind. In addition to
improved high availability architecture and better performance,
Exchange 2010 can be deployed without the need for the Microsoft
Solution for Hosted Messaging and Collaboration (HMC) platform for
management, which previous versions of Exchange required. A few
vendors, such as Intermedia, have developed their own management
platform rather than relying on HMC; it's unclear how they'll be
affected by this change in Exchange 2010.

Money, Money, Money 

Wrapped up in all the other reasons for the growth in hosted
Exchange is the money. Microsoft and others have been touting cloud
computing heavily for the past few years. Add to that an economic
cataclysm, and suddenly outsourcing starts looking like a real
attractive option. As Microsoft's Betz said, "You have to decide
what you want to spend your time and attention on. Presumably, we
can run a pretty standardized version of Exchange or SharePoint
faster, better, cheaper than a customer can run it themselves if
they're not going to do anything fancy with the deployment."

So, businesses are saving money by moving to hosted Exchange, and
at the same time hosting providers are in stiff competition,
lowering prices, and offering some pretty nice deals. Rumbarger
from Apptix said, "As the competitive nature of our industry has
driven down prices ... the ROI of somebody to have an on-premises
piece of equipment—servers, infrastructure, staffing, patching, if
they want to have any redundancy like we do with clustering, and
things like that—there's no comparison in today's modern
environment between what the cost is for someone to maintain
on-premises versus in the cloud."

To make their services more attractive, most of the hosted
providers are offering some form of messaging suite where you get a
package of products for a reduced price. Microsoft perhaps has the
best-known suite on the market with its Business Productivity
Online Suite. BPOS combines Exchange Online, SharePoint Online,
Office Live Meeting, and Office Communications Online for a base
price of $15 per user per month; individually, these services would
cost $24.25 per user per month. Microsoft offers Exchange Online by
itself for $10 per user per month, so if you can use those other
services, BPOS is quite a deal.

Meanwhile, many of the third-party hosting providers are including
SharePoint with their Exchange hosting at no additional charge.
Apptix, Intermedia, and SherWeb all currently make this offer. The
catch is that you have limited storage; if you need more, you'll
need to upgrade to the company's full hosted version of SharePoint,
and pay accordingly. Another hot point of competition is mailbox
size—3GB and 4GB standard mailboxes are readily available. In
addition to saving money by switching to a hosted Exchange
provider, you might find yourself with those extra features for
productivity that the bosses have been clamoring for.

How Does IT Benefit? 

Outsourcing definitely has its negative connotations, but you can
turn this situation into a positive. Email is vital to business
life, but it might not be the IT project that has the greatest
impact on your business. Outsourcing messaging frees your IT
department to focus on those projects of greater impact—to develop
instead of simply maintaining.

Doug Howard, president of USA.NET, spoke to this point when he
said, "[Outsourcing] allows the IT expert to kind of move up a
notch by being able to now manage the platform and the
infrastructure and the outsourcer versus actually having to do the
hands-on, every little element—patch management and all those
elements that are inherently built in to the infrastructure." It
can be an opportunity for the IT pro to demonstrate versatility,
creativity, and leadership—and maybe even have a little fun while
you're at it.
SharePoint Document Management Products 

Use SharePoint to manage both physical and digital documents 

by Jeff James 

Everyone knows that SharePoint is a great tool for building 
corporate intranets and serving as a hub for internal 
collaboration among disparate product teams. SharePoint 
is also a compelling management solution for 
document sharing, storage, and management, and new 
third-party tools promise to extend that capability. 

Choosing a Document Management Solution 

As is the case with most projects, time spent in preparation and planning 
is invaluable in helping you pick the solutions that will work 
best in your environment. According to Joel Oleson, a senior product 
manager evangelist for Quest Software, ensuring that the goals of 
the company align with your document management project is an 
important first step. 

"A lot of what you're doing should depend on the company roadmap," 
says Oleson. "Some CIOs only see SharePoint as a way to rid 
themselves of file shares and public folders. SharePoint can do that, 
but it can do so much more." 

A SharePoint Document Management Checklist 

In order to help your SharePoint document management project 
start on the right foot, here are some useful steps to follow: 

1. Anticipate storage: How much storage will you need to 
archive and manage your documents? "Having a robust storage 
area network (SAN) for document management is critical," says 
Ron Cameron, president of SharePoint software vendor KnowledgeLake. 
"You should also consider extending your document 
management capabilities into the cloud, whether you're planning 
to use Microsoft's Azure or Amazon's S3 platform." 

2. Anticipate interoperability: Will your SharePoint solution 
need to work with other document management offerings, such as 
EMC Documentum or Autonomy Meridio? Cameron cautions that 
doubling up on document management solutions gives you "two 
platforms to manage and two vendors to pay for." 

3. Establish procedures and encourage adoption: You can often 
tell how successful a solution will be by how many people in your 
organization are using it. "Solutions like this need to be available 
to everyone in the enterprise," says Cameron. "If only 10 users are 
using the document management system, it really defeats the purpose." 

4. Backup: Any IT pro worth his administrator rights should 
realize the importance of a solid backup strategy, and your document 
management system should be a high priority on your 
backup schedule. Internal corporate records and knowledge assets 
are often more valuable to a company than the products it produces, 
so make sure your backup strategy takes that into account. 

5. Security: While Cameron stresses that any document management 
system should be accessible and used by all members 
of an organization, he encourages IT pros to employ a rigorous 
security scheme. "You need to make sure that all of your content 
is secured by a proper security model," Cameron says. "Everyone 
in the organization needs access, but you should filter access to 
documents by assigning security rights to user roles." 

Choose a Solution to Fit Your Needs 

Every organization has different document management needs, 
and this buyer's guide should help you pick the right SharePoint 
document management tools to fit your own specific requirements. 
Some organizations may be well-served by using a default MOSS 
2007 installation with third-party document scanning software, 
while others may need a full-blown document management platform 
that incorporates document scanning, archiving, document 
taxonomy, document workflow planning, extensive search capabilities, 
and the ability to edit and redact selected documents. 

"The native SharePoint platform is a great document management 
solution in its own right," says Cameron. "When combined 
with a valid scanning solution, that option could fit the needs of 
many people." 

InstantDoc ID 102661 
SHAREPOINT DOCUMENT MANAGEMENT PRODUCTS 

| Company | Product | Price | SharePoint Versions Supported | Document scanning? |
|---|---|---|---|---|
| Alcero; 514-316-5064; 514-657-8994; www.alcero.com | Render It | $15,000 per server | MOSS 2007, WSS 3.0 | Yes |
| Atalasoft; 413-572-4443; 866-568-0129; www.atalasoft.com | Vizit SP | $4,625 (1 server, 25 CALs) | MOSS 2007/2003, WSS 3.0/2.0 | No (via Vizit Scan-to-SharePoint) |
| Atalasoft | Vizit Scan-to-SharePoint | Free | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| Business I.T. Systems Ltd.; +44 (0) 20 3258 4020; +44 (0) 20 3258 4030; www.bits.uk.com | Callisto Managed Scan-Microsoft SharePoint Datalink | ~$500 per copier | MOSS 2007, WSS 3.0 | Yes |
| Dark Blue Duck; 425-296-7670; +44 (20) 3239 6703; www.darkblueduck.com | Scanning Enabler 2007 | Unlimited users $2,250/server; 25 users $750/server; 5 users $300/server | MOSS 2007, WSS 3.0 | Yes |
| Dark Blue Duck | Scanning Enabler 2007 Capture | $99 (online price) | MOSS 2007, WSS 3.0 | Yes |
| eCopy; 603-324-8500; 603-324-8600; www.ecopy.com | eCopy Connector for SharePoint | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| EMC; 866-438-3622; 800-782-4362; www.emc.com | Documentum / Archive Services for SharePoint | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | No |
| GoScan; 949-829-5822; www.goscan.com | GoScan Enterprise | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| KnowledgeLake; 800-540-7292; 519-888-9933; www.knowledgelake.com | KnowledgeLake Capture Suite | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| KnowledgeLake | KnowledgeLake Imaging for SharePoint | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| Kodak; 866-563-2533; graphics.kodak.com | Capture Pro | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| Kofax; 949-727-1733; 877-471-7078; www.kofax.com | Kofax Capture | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| Nuance; 781-565-5000; 781-565-5001; www.nuance.com | Paperport 10 Professional | $200 | MOSS 2007/2003, WSS 3.0/2.0 | Yes |
| Open Text; 800-540-7292; 519-888-9933; www.opentext.com | Open Text Storage Services for Microsoft SharePoint | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | No (via Open Text ECM Suite) |
| Organice; 781-353-6486; 781-353-6499; www.organice.com | Organice Suite (optimized for engineering and manufacturing industries) | Contact vendor | MOSS 2007/2003, WSS 3.0/2.0 | Yes |


Editor's Note: All the information in this Buyer's Guide is supplied by vendors. Some vendors you might expect to see in this Buyer's Guide either didn't have a product 
that matched the criteria for the Buyer's Guide or didn't respond to our requests for product information. 
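SHAREPOINT DOCUMENT MANAGEMENT PRODUCTS (continued) 

| Company | Product | Document indexing? | Search by metadata? | Document taxonomy/tagging? | Document editing/annotations? | Workflows? | Uses SharePoint as content store? |
|---|---|---|---|---|---|---|---|
| Alcero | Render It | Yes | Yes | Yes | Yes | No (via Alcero Cyclos) | Yes |
| Atalasoft | Vizit SP | Yes | No | No | Yes | No | Yes |
| Atalasoft | Vizit Scan-to-SharePoint | No (via Vizit SP) | No | No | No (via Vizit SP) | No | Yes |
| Business I.T. Systems Ltd. | Callisto Managed Scan-Microsoft SharePoint Datalink | Yes | No | No | No | Yes | Yes |
| Dark Blue Duck | Scanning Enabler 2007 | Yes | Yes | Yes | Yes | Yes | Yes |
| Dark Blue Duck | Scanning Enabler 2007 Capture | Yes | No | Yes | No | No | Yes |
| eCopy | eCopy Connector for SharePoint | Yes | No | No | No | No | Yes |
| EMC | Documentum / Archive Services for SharePoint | Yes | Yes | Yes | Yes | No | No |
| GoScan | GoScan Enterprise | Yes | No | No | No | No | Yes |
| KnowledgeLake | KnowledgeLake Capture Suite | Yes | Yes | Yes | Yes | No | Yes |
| KnowledgeLake | KnowledgeLake Imaging for SharePoint | Yes | No | No | No | No | Yes |
| Kodak | Capture Pro | Yes | No | No | No | No | Yes |
| Kofax | Kofax Capture | Yes | No | No | No | No | Yes |
| Nuance | Paperport 10 Professional | Yes | No | No | No | No | Yes |
| Open Text | Open Text Storage Services for Microsoft SharePoint | No (via Open Text ECM Suite) | No (via Open Text ECM Suite) | No | No (via Open Text ECM Suite) | No | No |
| Organice | Organice Suite | Yes | No | Yes | Yes | Yes | Yes |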
INDUSTRY BYTES 

Mobility, Outlook 2010 

INSIGHTS FROM THE INDUSTRY 


Mobile Management Goes Multi-Platform 


The growth in mobile devices for a host 
of enterprise uses has been sudden and 
surprising. The features and capabilities 
of these devices have evolved drastically, 
catapulting their presence in many organizations 
from niceties for the top brass to 
essential hardware for many staff. 

The number of OS platforms, including 
those now usable in an enterprise space, 
has also been steadily increasing. As a 
result, mobile management console providers 
are increasingly supporting multiple 
platforms in the same package. 

Conceivium Adds Windows Mobile Support 

Conceivium has been offering a management 
console (Mobile Analyzer) for supporting 
and monitoring BlackBerry devices 
for years, but they have just recently taken 
the plunge to also start supporting Windows 
Mobile thanks to a partnership with 
Odyssey Software. With BlackBerry and 
Windows Mobile support, Conceivium is 
now equipped to handle the vast majority 
of enterprise mobile management needs. 

"We've noticed a break in the last year 
where customers who were once standardized 
on RIM products, [BlackBerry 
Enterprise Server], and BlackBerry devices 
are now starting to open up and provide a 
wider option for, or acceptance of, different 
types of wireless devices within the corporation. 
Specifically, devices using ActiveSync 
in the backend," said Greg Fleet, vice 
president of global sales for Conceivium. 


Zenprise Mobile Manager 

Zenprise announced that its Mobile Manager 
solution, originally capable of managing 
BlackBerry and iPhone devices, will now 
also be able to manage Windows Mobile 
devices. While the Zenprise and Conceivium 
solutions are similar in form and functionality, 
Zenprise seems to be banking on the 
so-called "consumerization of enterprise" to 
push organizations to seek its solution thanks 
to its ability to manage iPhones. However, 
Mobile Manager slots in at a higher cost than 
Conceivium's Mobile Manager, based on conversations 
with both organizations. 

How Big is the Need? 

The explosion in mobility from the smartphone 
revolution is likely forcing many 
organizations to look ahead and prepare a 
solution that will not just suffice today, but 
2-3 years into the future. That's a difficult 
thing to do in this market, but can we draw 
any conclusions about what the future 
holds for the mobile market? Here are a 
few questions and points to consider. 

How many enterprise mobile platforms 
will we have to deal with? In addition to Windows 
Mobile and BlackBerry, possible enterprise 
contenders include Palm's webOS, the 
iPhone, and Google's Linux-based Android. 
While iPhone OS and Android are still largely 
untested in a business arena, organizations 
may look for a solution that can manage just 
about any device, so they're not forced to do 
an overhaul, should one of these platforms 
pick up speed. 

How many people really want smartphones? 
While smartphone growth has 
been huge, it has primarily been among 
the early adopters. Smartphones incur 
significant costs over basic phones, both in 
the cost of the device and the extra $30/month 
or so for the data plan. A recent 
study by Wirefly indicates that the features 
on phones customers purchase are often 
far beyond what they actually want. 

• 94 percent of cell phone buyers purchase 
a phone with a camera (what 
phones don't come with one?), but only 
25 percent consider this a requirement 
for buying 

• 71 percent purchase phones that can 
play music, but only 5 percent consider 
it a "must-have" feature 

• 64 percent purchase phones that can 
browse the web, but only 15 percent 
cite the feature as necessary 

For now, it will be a bit of a guessing game 
for organizations. But, being prepared certainly 
can't hurt. 

"I think [Windows Mobile and BlackBerry] 
will continue to be the standard 
within organizations for a number of reasons, 
a lot of them legacy reasons. They're 
already proven, already accepted, a lot of 
the security protocols have been signed 
off. These are not easy things for new 
entrants to go through—it takes a lot of 
time and effort to go through that," said 
Tom Robinson, executive vice president of 
sales and marketing for Odyssey Software. 
"But, given some time, you can't count out 
an organization like Google and its Android 
offering. So I think if you call immediate 
future within the next year or 18 months, 
I think we'll stay where we are. But take 2 
years and some market acceptance, a new 
player could emerge." 

—Brian Reinholz 

InstantDoc ID 102506 
Does Outlook 2010 Need Fixing? 


How is it that Microsoft manages to land 
itself in the middle of so many controversies? 
Or perhaps a better question is, why 
is it that so many people get so worked 
up about what Microsoft does? The latest 
mini-firestorm I've been following is the 
brouhaha over the Office team's announcement 
that Microsoft Office Outlook 2010 
will use Word 2010 for its HTML authoring 
and rendering engine. 

This situation goes back to Outlook 
2007, which first used Word 2007 for HTML 
rendering. Last week, the Email Standards 
Project (ESP) launched a campaign on Twitter 
to give Microsoft feedback about this 
decision; you can find information about 
the campaign at fixoutlook.org. ESP's basic 
position is that Outlook's HTML rendering 
should be based on industry-accepted 
standards, to which Word apparently 
doesn't comply. In a week, the campaign 
has over 24,000 retweets 
from users supporting ESP's 
position. 

William Kennedy of the 
Office Communications and 
Forms Team at Microsoft posted 
a blog in response, explaining 
that this decision was based on 
providing users with tools for 
composing email messages that 
they were already familiar with 
from Word. Kennedy states, in 
bold text, "There is no widely-recognized 
consensus in the 
industry about what subset of 
HTML is appropriate for use in 
e-mail for interoperability." 

Supporting ESP's position 
for changing Outlook's HTML 
rendering engine you'll find 
a large body of developers— 
you know, those people most 
affected by Outlook's poor 
HTML handling. These are the 
folks who have to design HTML 
email campaigns that look 
acceptable in Outlook 2007, 
which generally means not 
taking advantage of design features 
and principles that other 
email clients would allow, such 
as Cascading Style Sheets (CSS). It's the 
lowest-common-denominator factor: 
Because Outlook is the dominant email 
client, all email messages must conform to 
Outlook's rendering. 

On the other side of the equation, 
you'll find the people who aren't the least 
concerned with Word's inability to render 
those beautifully created HTML messages 
because, after all, who sends that type of 
message except for marketers, and everyone 
knows that marketing is a tool of the 
devil. I would also lump into this camp 
those who are opposed to HTML email 
based on security or bandwidth issues 
and believe that email should remain the 
domain of plain text—and I'll confess I'm 
surprised to find how many people out 
there seem to be of this mindset. 

I can't imagine ever needing CSS or 
advanced layout features to compose an 
email message. However, for email newsletters 
that I choose to subscribe to, yes, 
for me presentation matters. I like a sharp, 
well-designed page and don't necessarily 
want to go to a website to see it that 
way. But I'm not reading my email on a 
mobile device, either. Yet, HTML isn't just 
about fancy formatting. Do you want to 
put a simple image in a message, rather 
than adding it as an attachment—say, a 
corporate logo in your email signature? 
Whoops, can't do that without HTML. And 
have you noticed how plain plain text 
actually is? That's right, no italics, bold, or 
highlighting. 

I'm not saying that Microsoft has made 
the right choice to use Word for Outlook's 
HTML engine. I don't know enough about 
HTML standards to judge one way or 
the other. The issue as I see it is 
whether the feedback generated 
by the Twitter campaign 
is actually representative of 
Outlook users as a whole. As 
one reader of the ESP blog 
commented, "20,000 people 
is barely a drop in the ocean 
as far as users of Outlook are 
concerned. They [Microsoft] 
probably get more complaints 
about the colour of the title 
bar than that." An exaggeration, 
but you get the point. 

So this brings me back 
to my initial question: How 
does Microsoft end up being 
the punching bag so often? If 
the company is truly seeking 
customer input on product 
development, as it continues 
to claim, how do its product 
teams end up making decisions 
that anger and frustrate 
such a large segment of their 
user base? Or is it really just 
a vocal minority claiming to 
have a consensus about issues 
such as this Outlook HTML 
problem? 

—B.K. Winstead 
We've got a suggestion for your next family vacation! O'Reilly Media has 
sent us word about its new book The Geek Atlas: 128 Places Where Science & 
Technology Come Alive by John Graham-Cumming (a self-described "wandering 
programmer"). The press release reads, "This unique travelers' guide 
covers 128 interesting destinations around the globe where major breakthroughs 
in science, mathematics, or technology occurred—or 
are happening now." Sounds like an excellent resource, but does 
Graham-Cumming help or hinder potential sales when he writes, 
"As you flip through the book, you'll see the sorts of pictures you'd 
find in a travel guide, but also a lot of diagrams and equations"? 
A reader spotted this fascinating sign in Queenstown, New 
Zealand. As IT pros, you're probably looking for ways to ensure 
appropriate Internet usage among your users—not to mention 
safe Internet browsing at home for your family. But sometimes 
nasty stuff can sneak through, so it's nice to know you can 
simply launder the Internet at your convenience. 
You think you've had a bad day? 

It's amazing what computers can do nowadays 

Well, when you put it that way. 

SEND US YOUR INDUSTRY HUMOR! 
If we use your submission, you'll receive a free gift. 